6.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
0.0004 Low
EPSS
Percentile
15.7%
BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of a potentially malicious libraries, which will execute with the applicationβs privileges.
Fix for 9.0.20 branch was released in version 9.0.20.238.Β Fix for 9.0.21 branch was released in version 9.0.21.201.
[
{
"defaultStatus": "unknown",
"product": "Control-M",
"vendor": "BMC",
"versions": [
{
"lessThan": "9.0.20.238",
"status": "affected",
"version": "9.0.20",
"versionType": "custom"
},
{
"lessThan": "9.0.21.201",
"status": "affected",
"version": "9.0.21",
"versionType": "custom"
}
]
}
]