
218 matches found

Cvelist
added 2025/09/16 12:20 p.m., 7 views

CVE-2025-55113 BMC Control-M/Agent unescaped NULL byte in access control list checks

If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions; non-default but configurable using the JAVAAR setting in newer versions), the verification stop...

CVSS 9.5, EPSS 0.00271
Exploits: 0, References: 2

Vulnrichment
added 2025/09/16 12:19 p.m., 2 views

CVE-2025-55112 BMC Control-M/Agent hardcoded Blowfish keys

Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between th...

CVSS 7.6, AI score 6.4, EPSS 0.00202
Exploits: 0, References: 2

CVE
added 2025/09/16 12:19 p.m., 16 views

CVE-2025-55112

Control-M/Agent, versions 9.0.18–9.0.20 (out-of-support) configured to use a non-default Blowfish encryption implementation rely on a hardcoded key, enabling an attacker with access to network traffic and the key to decrypt traffic between the Control-M/Agent and the Server. Root cause: hardcoded...

CVSS 7.6, AI score 6.4, EPSS 0.00202
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2025/09/16 12:19 p.m., 7 views

CVE-2025-55112 BMC Control-M/Agent hardcoded Blowfish keys

Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between th...

CVSS 7.6, EPSS 0.00202
Exploits: 0, References: 2

Vulnrichment
added 2025/09/16 12:18 p.m., 3 views

CVE-2025-55111 BMC Control-M/Agent insecure default file permissions

Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These files contain keys and passwords relating ...

CVSS 5.7, AI score 6.3, EPSS 0.0012
Exploits: 0, References: 2

CVE
added 2025/09/16 12:18 p.m., 16 views

CVE-2025-55111

CVE-2025-55111 affects BMC Control-M/Agent; out-of-support versions 9.0.18–9.0.20 and some earlier/upgraded newer versions contain files with overly permissive permissions that store SSL keys, keystores, and policy passwords. An attacker with local access can read these files. The connected sourc...

CVSS 5.7, AI score 6.3, EPSS 0.0012
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2025/09/16 12:18 p.m., 8 views

CVE-2025-55111 BMC Control-M/Agent insecure default file permissions

Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These files contain keys and passwords relating ...

CVSS 5.7, EPSS 0.0012
Exploits: 0, References: 2

Vulnrichment
added 2025/09/16 12:16 p.m., 2 views

CVE-2025-55110 BMC Control-M/Agent hardcoded default keystore password

Control-M/Agents use a kdb or PKCS12 keystore by default, and the default keystore password is well known and documented. An attacker with read access to the keystore could access sensitive data using this password...

CVSS 5.7, AI score 6.4, EPSS 0.00126
Exploits: 0, References: 2

CVE
added 2025/09/16 12:16 p.m., 14 views

CVE-2025-55110

CVE-2025-55110 concerns BMC Control-M/Agents that use a kdb or PKCS#12 keystore by default with a well-known, documented password. The available connected sources confirm that an attacker with read access to the keystore could disclose sensitive data using this password. The vulnerability centers...

CVSS 5.7, AI score 6.4, EPSS 0.00126
Exploits: 0, References: 2

Cvelist
added 2025/09/16 12:16 p.m., 7 views

CVE-2025-55110 BMC Control-M/Agent hardcoded default keystore password

Control-M/Agents use a kdb or PKCS12 keystore by default, and the default keystore password is well known and documented. An attacker with read access to the keystore could access sensitive data using this password...

CVSS 5.7, EPSS 0.00126
Exploits: 0, References: 2

CVE
added 2025/09/16 12:14 p.m., 19 views

CVE-2025-55109

The CVE-2025-55109 entry describes an authentication bypass in out-of-support Control-M/Agent versions 9.0.18–9.0.20 (and potentially earlier unsupported builds) when using an empty/default kdb keystore or a default PKCS#12 keystore. A remote attacker who has access to a signed third-party or dem...

CVSS 9.5, AI score 6.8, EPSS 0.00329
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2025/09/16 12:14 p.m., 6 views

CVE-2025-55109 BMC Control-M/Agent default SSL/TLS configuration authenticated bypass

An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore or a default PKCS12 keystore. A remote attacker with access to a signed third-party or demo...

CVSS 9.5, EPSS 0.00329
Exploits: 0, References: 2

Vulnrichment
added 2025/09/16 12:14 p.m., 2 views

CVE-2025-55109 BMC Control-M/Agent default SSL/TLS configuration authenticated bypass

An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore or a default PKCS12 keystore. A remote attacker with access to a signed third-party or demo...

CVSS 9.5, AI score 6.8, EPSS 0.00329
Exploits: 0, References: 2

Positive Technologies
added 2025/09/16 12:0 a.m., 4 views

PT-2025-37942

Name of the Vulnerable Software and Affected Versions: Control-M/Agent versions 9.0.18 through 9.0.20 Description: Out-of-support versions of Control-M/Agent configured to use the non-default Blowfish cryptography algorithm utilize a hardcoded key. An attacker with network access and knowledge of...

CVSS 7.6, AI score 6.2, EPSS 0.00202
Exploits: 0, References: 4

CNNVD
added 2025/09/16 12:0 a.m., 3 views

BMC Control-M security vulnerability

BMC Control-M is an application from BMC Corporation that simplifies application and data workflow orchestration locally or as a service. BMC Control-M suffers from a stack buffer overflow vulnerability that originates from formatting an error message when SSL/TLS communication is misconfigured, no...

CVSS 6.3, AI score 7.3, EPSS 0.00308
Exploits: 0, References: 3

Positive Technologies
added 2025/09/16 12:0 a.m., 5 views

PT-2025-37941

Name of the Vulnerable Software and Affected Versions: Control-M/Agent versions 9.0.18 through 9.0.20 Description: Files with overly permissive permissions were identified, potentially exposing keys and passwords related to SSL files, keystores, and policies. An attacker with local access to the...

CVSS 5.7, AI score 6.2, EPSS 0.0012
Exploits: 0, References: 5

Positive Technologies
added 2025/09/16 12:0 a.m., 9 views

PT-2025-37924

Name of the Vulnerable Software and Affected Versions: Control-M/Agent versions 9.0.18 through 9.0.20; Control-M/Agent versions prior to 9.0.18, potentially earlier unsupported versions. Description: An authentication bypass issue exists when using an empty or default kdb keystore or a default PKCS1...

CVSS 9.5, AI score 6.4, EPSS 0.00329
Exploits: 0, References: 6

CNNVD
added 2025/09/16 12:0 a.m., 3 views

BMC Control-M security vulnerability

BMC Control-M is an application from BMC, Inc. that simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M versions 9.0.18 through 9.0.20 and prior unsupported versions, which stems from an overly generous file permission settin...

CVSS 5.7, AI score 6.4, EPSS 0.0012
Exploits: 0, References: 3

CNNVD
added 2025/09/16 12:0 a.m., 1 view

BMC Control-M security vulnerability

BMC Control-M is an application from BMC, Inc. that simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M versions 9.0.18 through 9.0.20, which stems from the Blowfish encryption algorithm that uses a hard-coded key, and could...

CVSS 7.6, AI score 6.7, EPSS 0.00202
Exploits: 0, References: 3

Positive Technologies
added 2025/09/16 12:0 a.m., 7 views

PT-2025-37946

Name of the Vulnerable Software and Affected Versions: Control-M/Agent versions 9.0.18 through 9.0.20 Description: A buffer overflow in Control-M/Agent can lead to local privilege escalation when an attacker has access to the system running the Agent. Recommendations: Update Control-M/Agent...

CVSS 9.3, AI score 6.8, EPSS 0.0015
Exploits: 0, References: 5