219 matches found
BMC Control-M 安全漏洞
BMC Control-M is an application from BMC Corporation. Simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M/Agent, which stems from improper ordering of AUTHORIZEDCTMIP validation, and can be exploited by an attacker to...
PT-2025-37946
Name of the Vulnerable Software and Affected Versions: Control-M/Agent versions 9.0.18 through 9.0.20 Description: A buffer overflow in Control-M/Agent can lead to local privilege escalation when an attacker has access to the system running the Agent. Recommendations: Update Control-M/Agent...
PT-2025-37947
Name of the Vulnerable Software and Affected Versions: Control-M/Agent versions 9.0.20 through 9.0.22 Description: Memory corruptions can be remotely triggered in Control-M/Agent when SSL/TLS communication is configured. This issue occurs when specific non-default settings are enabled...
BMC Control-M 安全漏洞
BMC Control-M is an application from BMC Corporation. Simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M that stems from the default use of the kdb or PKCS12 keystore with a known password, which can be exploited by an...
PT-2025-37924
Name of the Vulnerable Software and Affected Versions: Control-M/Agent versions 9.0.18 through 9.0.20 Control-M/Agent versions prior to 9.0.18 potentially earlier unsupported versions Description: An authentication bypass issue exists when using an empty or default kdb keystore or a default PKCS1...
PT-2025-37945
Name of the Vulnerable Software and Affected Versions: Control-M/Agent versions 9.0.18 through 9.0.20 Description: A path traversal in Control-M/Agent can lead to local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts out-of-support...
BMC Control-M 安全漏洞
BMC Control-M is an application from BMC Inc. simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M/Agent versions 9.0.18 through 9.0.20, which stems from a path traversal issue that could result in local elevation of...
BMC Control-M 安全漏洞
BMC Control-M is an application from BMC Corporation. Simplifies application and data workflow orchestration locally or as a service. BMC Control-M suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to cause a local elevation of privilege...
BMC Control-M 安全漏洞
BMC Control-M is an application from BMC Corporation. Simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M that originates when an email address in a client certificate stops validating when it encounters a NULL byte, whi...
BMC Control-M 安全漏洞
BMC Control-M is an application from BMC, Inc. simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M versions 9.0.18 through 9.0.20, which stems from the Blowfish encryption algorithm that uses a hard-coded key, and could...
BMC Control-M 安全漏洞
BMC Control-M is an application from BMC, Inc. simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M versions 9.0.18 through 9.0.20 and prior unsupported versions, which stems from an overly generous file permission settin...
CVE-2025-48709
An issue was discovered in BMC Control-M 9.0.21.300. When Control-M Server has a database connection, it runs DBUStatus.exe frequently, which then calls dbuconnectiondetails.vbs with the username, password, database hostname, and port written in cleartext, which can be seen in event and process...
CVE-2025-48709
BMC Control-M/Server 9.0.21.300 displays cleartext database credentials in process lists and logs. An authenticated attacker with shell access could observe these credentials and use them to log in to the database server. For example, when Control-M/Server on Windows has a database connection on,...
CVE-2025-48709
BMC Control-M/Server 9.0.21.300 displays cleartext database credentials in process lists and logs. An authenticated attacker with shell access could observe these credentials and use them to log in to the database server. For example, when Control-M/Server on Windows has a database connection on,...
PT-2025-32309
Name of the Vulnerable Software and Affected Versions BMC Control-M version 9.0.21.300 Description An issue exists where the Control-M Server, when connected to a database, frequently runs DBUStatus.exe. This process then calls dbu connection details.vbs, passing the username, password, database...
BMC Control-M 安全漏洞
BMC Control-M is an application from BMC Inc. simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M version 9.0.21.300, which originates from the explicit storage of database credentials and could lead to information...
CVE-2025-48709 BMC Control-M/Server cleartext database credentials in process lists and logs
BMC Control-M/Server 9.0.21.300 displays cleartext database credentials in process lists and logs. An authenticated attacker with shell access could observe these credentials and use them to log in to the database server. For example, when Control-M/Server on Windows has a database connection on,...
CVE-2025-48709 BMC Control-M/Server cleartext database credentials in process lists and logs
BMC Control-M/Server 9.0.21.300 displays cleartext database credentials in process lists and logs. An authenticated attacker with shell access could observe these credentials and use them to log in to the database server. For example, when Control-M/Server on Windows has a database connection on,...
CVE-2025-48709
CVE-2025-48709 affects BMC Control-M/Server 9.0.21.300, where credentials are stored in cleartext and exposed via process lists and logs. The root cause is the control path when a database connection is active: Control-M/Server runs DBUStatus.exe, which invokes dbu_connection_details.vbs with the...
CVE-2024-1604
Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. The attacker must know the unique identifi...