The exploit leverages ConfigurationService and FileStorageService services, which allows uploading a file anywhere in the Track-It! server’s file system by means of parent path traversal.
The file upload vulnerability to upload a file to the web root was reported on 11.4. This vulnerability was addressed in 220.127.116.115. However a new vulnerability was reported that can be used to traversed to parent paths of Track-It! server and then upload a file and execute code under the IIS user.
We have reviewed and prioritized the issue as High. We highly recommend that you apply the cumulative patch stated in the Solution section below to remediate this issue.
Related Knowledgebase References: TIA07457
The exploit uses a variant of arbitrary file upload vulnerability referred in CVE-2014-4872 and is also published in CVE-2015-8273. This security Vulnerability was found & reported by “Pedro Riberio working with Beyond Security's SecuriTeam Secure Disclosure program".
Should you still wish to contact support regarding this issue, please reference TL1069845
This vulnerability has been addressed and fixed in Track-It! 11.4 SP1 Version 18.104.22.1688 / 11.4.01 which is available in the Product Downloads section at http://www.bmc.com/support/support-central.html.