CVE-2021-35001

Опубликовано: 07 мая 2024

Источник: nvd

CVSS3: 3.1

CVSS3: 6.5

EPSS Низкий

Описание

The specific flaw exists within the GetData endpoint. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-14527.

Ссылки

https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-001/
Third Party Advisory
https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-001/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:bmc:track-it\!:20.19.01:*:*:*:*:*:*:*

cpe:2.3:a:bmc:track-it\!:20.19.02:*:*:*:*:*:*:*

cpe:2.3:a:bmc:track-it\!:20.19.03:*:*:*:*:*:*:*

cpe:2.3:a:bmc:track-it\!:20.20.01:*:*:*:*:*:*:*

cpe:2.3:a:bmc:track-it\!:20.20.02:*:*:*:*:*:*:*

cpe:2.3:a:bmc:track-it\!:20.20.03:*:*:*:*:*:*:*

cpe:2.3:a:bmc:track-it\!:20.21.01:*:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.00484

Низкий

3.1 Low

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-jc9x-wh9f-2xf3

CVSS3: 3.1

github

почти 2 года назад

BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetData endpoint. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-14527.

EPSS

Процентиль: 65%

0.00484

Низкий

3.1 Low

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-862