7 matches found
CVE-2025-55111
Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These files contain keys and passwords relating ...
CVE-2025-55111
Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These files contain keys and passwords relating ...
CVE-2025-55116 BMC Control-M/Agent buffer overflow local privilege escalation
A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions...
CVE-2025-55115
CVE-2025-55115 affects BMC Control-M/Agent versions 9.0.18–9.0.20 (and potentially earlier unsupported builds). The vulnerability is a path traversal in the Control-M/Agent that can enable local privilege escalation when an attacker has access to the system running the Agent. Impact is described ...
CVE-2025-55112 BMC Control-M/Agent hardcoded Blowfish keys
Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between th...
CVE-2025-55109 BMC Control-M/Agent default SSL/TLS configuration authenticated bypass
An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore or a default PKCS12 keystore. A remote attacker with access to a signed third-party or demo...
BMC Control-M 安全漏洞
BMC Control-M is an application from BMC, Inc. simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M versions 9.0.18 through 9.0.20 and prior unsupported versions, which stems from an overly generous file permission settin...