CVE-2022-35864

This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16690.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:bmc:track-it\!:20.19.03:*:*:*:*:*:*:*
cpe:2.3:a:bmc:track-it\!:20.20.01:*:*:*:*:*:*:*
cpe:2.3:a:bmc:track-it\!:20.20.02:*:*:*:*:*:*:*
cpe:2.3:a:bmc:track-it\!:20.20.03:*:*:*:*:*:*:*
cpe:2.3:a:bmc:track-it\!:20.21.01:*:*:*:*:*:*:*
cpe:2.3:a:bmc:track-it\!:20.21.02:*:*:*:*:*:*:*

Information

Published : 2022-08-03 09:15

Updated : 2022-08-09 09:20


NVD link : CVE-2022-35864

Mitre link : CVE-2022-35864


JSON object : View

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

dedicated server usa

Products Affected

bmc

  • track-it\!