CVE-2021-35002— Bmc Software Track-It! 代码问题漏洞

BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability

BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of email attachments. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-14122.

N/A

危险类型文件的不加限制上传

Bmc Software Track-It! 代码问题漏洞

Bmc Software Track-It!是美国Bmc Software公司的一个 It 帮助台软件。用于带有资产管理的帮助台和服务台。 Bmc Software Track-It! 存在代码问题漏洞，该漏洞源于存在于电子邮件附件的处理过程中。 该问题是由于缺乏对用户提供的数据的适当验证造成的，这可能允许上传任意文件。 攻击者可以利用此漏洞在服务帐户的上下文中执行代码。

N/A

N/A