
218 matches found

NVD
added 10 hours ago, 6 views

CVE-2026-10538

Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction of allowed object types in the out of support Control-M/Server and Control-M/Enterprise Manager versions 9.0.20.x and potentially earlier. This issue may allow an authenticated attacker ...

CVSS: 8.9
Exploits: 0, References: 1

NVD
added 10 hours ago, 5 views

CVE-2026-10540

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentiall...

CVSS: 5.6
Exploits: 0, References: 1

NVD
added 10 hours ago, 5 views

CVE-2026-10539

A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized commands on the affected server, potentially leading to compromise of the server. This...

CVSS: 9.5
Exploits: 0, References: 1

CVE
added 10 hours ago, 7 views

CVE-2026-10538

This CVE affects Control-M components (Control-M/Server and Control-M/Enterprise Manager) with a deserialization vulnerability in the messaging consumer. The issue arises from deserializing user-controlled data without strict control of allowed object types in versions 9.0.20.x and potentially ea...

CVSS: 8.9, AI score: 5.8
Exploits: 0, References: 1

Cvelist
added 10 hours ago, 9 views

CVE-2026-10538 Improper deserialization handling in Control-M Components

Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction of allowed object types in the out of support Control-M/Server and Control-M/Enterprise Manager versions 9.0.20.x and potentially earlier. This issue may allow an authenticated attacker ...

CVSS: 8.9
Exploits: 0, References: 1

EUVD
added 10 hours ago, 7 views

EUVD-2026-40926

Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction of allowed object types in the out of support Control-M/Server and Control-M/Enterprise Manager versions 9.0.20.x and potentially earlier. This issue may allow an authenticated attacker ...

CVSS: 8.9, AI score: 5.8
Exploits: 0, References: 1

Cvelist
added 10 hours ago, 9 views

CVE-2026-10539 Unauthenticated command injection in Control-M/Server communication command

A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized commands on the affected server, potentially leading to compromise of the server. This...

CVSS: 9.5
Exploits: 0, References: 1

CVE
added 10 hours ago, 7 views

CVE-2026-10539

The vulnerability CVE-2026-10539 affects Control-M/Server versions 9.0.20.x through 9.0.21.200 (and potentially earlier unsupported versions). It is caused by insufficient filtering/sanitization of user-supplied input in a Control-M/Server communication command, which could allow an unauthenticat...

CVSS: 9.5, AI score: 5.9
Exploits: 0, References: 1

EUVD
added 10 hours ago, 5 views

EUVD-2026-40925

A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized commands on the affected server, potentially leading to compromise of the server. This...

CVSS: 9.5, AI score: 5.9
Exploits: 0, References: 1

CVE
added 10 hours ago, 7 views

CVE-2026-10540

CVE-2026-10540 affects Control-M/Enterprise Manager (unsupported versions 9.0.20.x and potentially earlier). The vulnerability stems from weak protections for stored password hashes, potentially allowing offline password recovery if credential data is obtained. The CVSS metrics indicate a Local a...

CVSS: 5.6, AI score: 5.8
Exploits: 0, References: 1

Cvelist
added 10 hours ago, 10 views

CVE-2026-10540 Weak password hash protection in Control-M/Enterprise Manager

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentiall...

CVSS: 5.6
Exploits: 0, References: 1

EUVD
added 10 hours ago, 5 views

EUVD-2026-40933

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentiall...

CVSS: 5.6, AI score: 5.8
Exploits: 0, References: 1

RedhatCVE
added 2026/04/14 7:23 p.m., 7 views

CVE-2026-23782

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00272
Exploits: 0, References: 1

RedhatCVE
added 2026/04/14 7:23 p.m., 8 views

CVE-2026-23780

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable...

CVSS: 8.8, AI score: 6.2, EPSS: 0.00401
Exploits: 0, References: 1

NVD
added 2026/04/10 4:16 p.m., 3 views

CVE-2026-23781

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credentials can be easily obtained and may allow unauthorized access to the MFT API debug interface...

CVSS: 9.8, EPSS: 0.00284
Exploits: 0, References: 2

EUVD
added 2026/04/10 3:31 p.m., 5 views

EUVD-2026-21371

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to...

AI score: 5.8, EPSS: 0.00272
Exploits: 0, References: 3

Vulnrichment
added 2026/04/10 12:00 a.m., 4 views

CVE-2026-23782

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to...

AI score: 5.8, EPSS: 0.00272
Exploits: 0, References: 2

CVE
added 2026/04/10 12:00 a.m., 6 views

CVE-2026-23781

CVE-2026-23781 affects BMC Control-M/MFT 9.0.20–9.0.22. A set of default debug user credentials is hardcoded in cleartext in the application package, and, if unchanged, could be obtained to gain unauthorized access to the MFT API debug interface. The CVSS v3.1 base score is 9.8 (CRITICAL) with ne...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00284
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2026/04/10 12:00 a.m., 4 views

PT-2026-31922

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to...

AI score: 5.8, EPSS: 0.00272
Exploits: 0, References: 3

Cvelist
added 2026/04/10 12:00 a.m., 27 views

CVE-2026-23780

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable...

EPSS: 0.00401
Exploits: 0, References: 2