9.9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
38.3%
BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in 9.0.21 (and is also fixed by a patch for 9.0.20.200).
github.com/DojoSecurity/BMC-Control-M-Unauthenticated-SQL-Injection