CVE-2021-35001

6.5 MEDIUM

📋 TL;DR

This vulnerability in BMC Track-It! lets an authenticated attacker read sensitive information through the GetData endpoint, because the endpoint performs no authorization check beyond requiring a logged-in session. Any valid account, not just an administrator, can call it and retrieve data it should not be able to see, including stored credentials, which an attacker can then reuse against Track-It! itself or other systems. Organizations running unpatched versions of BMC Track-It! are affected.

💻 Affected Systems

Products:
  • BMC Track-It!
Versions: Versions prior to the patched version (specific version numbers not provided in references)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Authentication is required to exploit, but any authenticated user can potentially access sensitive data.

📦 What is this software?

BMC Track-It! is a help desk and IT asset management product from BMC Software (ticketing, asset tracking, self-service portal) that runs on Windows Server and is used day to day through its web client. Because it stores credentials for the systems it integrates with, information disclosed from it can have impact well beyond the help desk.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain administrative credentials, leading to complete system takeover, data exfiltration, and lateral movement across the network.

🟠

Likely Case

Attackers access sensitive configuration data or user credentials, enabling privilege escalation and limited system compromise.

🟢

If Mitigated

With proper network segmentation and monitoring, impact is limited to credential disclosure requiring additional steps for exploitation.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once authentication is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in references, but patches are available according to vendor advisories

Vendor Advisory: https://community.bmc.com/s/article/Security-vulnerabilities-patched-in-Track-It

Restart Required: Yes

Instructions:

1. Review BMC security advisory for specific patch version
2. Download appropriate patch from BMC support portal
3. Apply patch following BMC installation instructions
4. Restart Track-It! services

🔧 Temporary Workarounds

Network Access Restriction

Applies to: all

Restrict network access to the Track-It! application to the users and networks that need it. Note that this reduces who can attempt the attack but does not remove it: the flaw is an authorization bypass, so any account that can still log in can still call GetData.

Authentication Hardening

Applies to: all

Enforce strong authentication policies (unique accounts, strong passwords or MFA at the identity provider where available), remove stale or shared accounts, and monitor for suspicious authentication attempts.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Track-It! servers from critical systems
  • Enable detailed logging and monitoring of GetData endpoint access patterns

🔍 How to Verify

Check if Vulnerable:

Check Track-It! version against BMC security advisory for vulnerable versions

Check Version:

Check Track-It! administration console or application properties for version information

Verify Fix Applied:

Verify patch installation and confirm version is updated beyond vulnerable versions

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to GetData endpoint
  • Multiple failed authentication attempts followed by successful access

Network Indicators:

  • Unusual traffic to Track-It! application from unexpected sources

SIEM Query:

source="track-it" endpoint="*GetData*" status=200 | stats count dc(src_ip) AS distinct_src_ips by user | sort -count

This is Splunk SPL; the endpoint, status, src_ip and user field names depend on how the web-server logs are extracted at ingest, so adjust them to your sourcetype. Thresholding on count, or alerting on users seen calling GetData from more than one source address, turns the report into an alert.
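The same detection, run offline over web-server log lines, as an added example (not BMC's code, and not part of the original advisory). It assumes Track-It! is served by IIS with W3C logging enabled and the default field set shown in the #Fields header; the /TrackItWeb/GetData path, the user names, IP addresses and the burst threshold are constructed for illustration, since the advisory only names the endpoint. The check flags any user who makes an unusual number of successful GetData calls inside a sliding time window, and any user who calls it from more than one client address.

```python
"""Burst detection for GetData calls in constructed IIS W3C logs (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FIELDS_PREFIX = "#Fields: "

# Constructed header: the default IIS W3C field set (assumption, adjust to yours).
HEADER = (
    "#Software: Microsoft Internet Information Services 10.0\n"
    "#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port "
    "cs-username c-ip cs(User-Agent) sc-status\n"
)


def _line(ts, user, ip, ua="Mozilla/5.0", status=200, stem="/TrackItWeb/GetData"):
    """Build one constructed W3C line; IIS writes '+' for spaces, so the UA has none."""
    return f"{ts:%Y-%m-%d %H:%M:%S} 10.0.0.5 POST {stem} - 443 {user} {ip} {ua} {status}\n"


def build_sample():
    """Constructed sample: one normal user and one account that scripts GetData."""
    t0 = datetime(2021, 9, 1, 8, 0, 0)
    lines = [HEADER, _line(t0, "-", "10.0.1.20", stem="/TrackItWeb/Login")]
    lines.append(_line(t0 + timedelta(seconds=5), "jsmith", "10.0.1.20"))
    lines.append(_line(t0 + timedelta(minutes=30), "jsmith", "10.0.1.20"))
    # helpdesk1 pulls GetData ten times in 90 seconds with a non-browser client ...
    for i in range(10):
        lines.append(_line(t0 + timedelta(minutes=10, seconds=10 * i), "helpdesk1",
                           "10.0.1.99", ua="python-requests/2.25"))
    # ... and once more from a second workstation half an hour later.
    lines.append(_line(t0 + timedelta(minutes=40), "helpdesk1", "10.0.1.50"))
    # A failed call (401) should not count as a successful data pull.
    lines.append(_line(t0 + timedelta(minutes=41), "jsmith", "10.0.1.20", status=401))
    return "".join(lines)


def parse_iis(log_text):
    """Yield one dict per record, mapping columns from the #Fields header."""
    fields = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(FIELDS_PREFIX):
            fields = line[len(FIELDS_PREFIX):].split()
            continue
        if line.startswith("#"):
            continue  # other directives (#Software, #Date, ...)
        if fields is None:
            raise ValueError("log data appears before the #Fields header")
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed line: skip rather than crash
        yield dict(zip(fields, values))


def getdata_hits(records):
    """Keep successful requests whose path contains GetData (case-insensitive)."""
    for r in records:
        if "getdata" in r["cs-uri-stem"].lower() and r["sc-status"] == "200":
            ts = datetime.strptime(f"{r['date']} {r['time']}", "%Y-%m-%d %H:%M:%S")
            yield ts, r["cs-username"], r["c-ip"], r["cs(User-Agent)"]


def analyze(log_text, window=timedelta(minutes=5), threshold=8):
    """Return per-user burst peaks and users seen from more than one client IP."""
    hits = sorted(getdata_hits(parse_iis(log_text)))
    recent = defaultdict(deque)   # user -> timestamps inside the sliding window
    ips = defaultdict(set)
    bursts = {}                   # user -> peak number of calls inside any window
    for ts, user, ip, _ua in hits:
        ips[user].add(ip)
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            bursts[user] = max(bursts.get(user, 0), len(q))
    multi_ip = {u: sorted(s) for u, s in ips.items() if len(s) > 1}
    return {"bursts": bursts, "multi_ip_users": multi_ip, "total_hits": len(hits)}


if __name__ == "__main__":
    print(analyze(build_sample()))
```

On the constructed sample the scripted account is reported with a peak of ten calls in the window and two distinct client addresses, while the normal user is not flagged. The threshold and window are starting points: set them from a week of your own GetData traffic per user before alerting on them.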
