Lucene search
K

219 matches found

CNNVD
CNNVD
added 2025/09/16 12:0 a.m.4 views

BMC Control-M 安全漏洞

BMC Control-M is an application from BMC Corporation. Simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M/Agent, which stems from improper ordering of AUTHORIZEDCTMIP validation, and can be exploited by an attacker to...

6.9CVSS6.7AI score0.00362EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/16 12:0 a.m.7 views

PT-2025-37946

Name of the Vulnerable Software and Affected Versions: Control-M/Agent versions 9.0.18 through 9.0.20 Description: A buffer overflow in Control-M/Agent can lead to local privilege escalation when an attacker has access to the system running the Agent. Recommendations: Update Control-M/Agent...

9.3CVSS6.8AI score0.0015EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/09/16 12:0 a.m.5 views

PT-2025-37947

Name of the Vulnerable Software and Affected Versions: Control-M/Agent versions 9.0.20 through 9.0.22 Description: Memory corruptions can be remotely triggered in Control-M/Agent when SSL/TLS communication is configured. This issue occurs when specific non-default settings are enabled...

8.9CVSS6.4AI score0.00343EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/09/16 12:0 a.m.4 views

BMC Control-M 安全漏洞

BMC Control-M is an application from BMC Corporation. Simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M that stems from the default use of the kdb or PKCS12 keystore with a known password, which can be exploited by an...

5.7CVSS6.7AI score0.00126EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/16 12:0 a.m.10 views

PT-2025-37924

Name of the Vulnerable Software and Affected Versions: Control-M/Agent versions 9.0.18 through 9.0.20 Control-M/Agent versions prior to 9.0.18 potentially earlier unsupported versions Description: An authentication bypass issue exists when using an empty or default kdb keystore or a default PKCS1...

9.5CVSS6.4AI score0.00329EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/09/16 12:0 a.m.5 views

PT-2025-37945

Name of the Vulnerable Software and Affected Versions: Control-M/Agent versions 9.0.18 through 9.0.20 Description: A path traversal in Control-M/Agent can lead to local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts out-of-support...

9.3CVSS6.4AI score0.00161EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/09/16 12:0 a.m.4 views

BMC Control-M 安全漏洞

BMC Control-M is an application from BMC Inc. simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M/Agent versions 9.0.18 through 9.0.20, which stems from a path traversal issue that could result in local elevation of...

9.3CVSS6.5AI score0.00161EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/16 12:0 a.m.7 views

BMC Control-M 安全漏洞

BMC Control-M is an application from BMC Corporation. Simplifies application and data workflow orchestration locally or as a service. BMC Control-M suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to cause a local elevation of privilege...

9.3CVSS7AI score0.0015EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/16 12:0 a.m.6 views

BMC Control-M 安全漏洞

BMC Control-M is an application from BMC Corporation. Simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M that originates when an email address in a client certificate stops validating when it encounters a NULL byte, whi...

10CVSS6.7AI score0.00271EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/16 12:0 a.m.4 views

BMC Control-M 安全漏洞

BMC Control-M is an application from BMC, Inc. simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M versions 9.0.18 through 9.0.20, which stems from the Blowfish encryption algorithm that uses a hard-coded key, and could...

7.6CVSS6.7AI score0.00202EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/16 12:0 a.m.6 views

BMC Control-M 安全漏洞

BMC Control-M is an application from BMC, Inc. simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M versions 9.0.18 through 9.0.20 and prior unsupported versions, which stems from an overly generous file permission settin...

5.7CVSS6.4AI score0.0012EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/08/09 12:23 a.m.21 views

CVE-2025-48709

An issue was discovered in BMC Control-M 9.0.21.300. When Control-M Server has a database connection, it runs DBUStatus.exe frequently, which then calls dbuconnectiondetails.vbs with the username, password, database hostname, and port written in cleartext, which can be seen in event and process...

7.8CVSS6.8AI score0.00122EPSS
Exploits0References1
NVD
NVD
added 2025/08/07 8:15 p.m.29 views

CVE-2025-48709

BMC Control-M/Server 9.0.21.300 displays cleartext database credentials in process lists and logs. An authenticated attacker with shell access could observe these credentials and use them to log in to the database server. For example, when Control-M/Server on Windows has a database connection on,...

7.8CVSS0.00122EPSS
Exploits0References1
OSV
OSV
added 2025/08/07 8:15 p.m.5 views

CVE-2025-48709

BMC Control-M/Server 9.0.21.300 displays cleartext database credentials in process lists and logs. An authenticated attacker with shell access could observe these credentials and use them to log in to the database server. For example, when Control-M/Server on Windows has a database connection on,...

7.8CVSS5.8AI score0.00122EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/07 12:0 a.m.7 views

PT-2025-32309

Name of the Vulnerable Software and Affected Versions BMC Control-M version 9.0.21.300 Description An issue exists where the Control-M Server, when connected to a database, frequently runs DBUStatus.exe. This process then calls dbu connection details.vbs, passing the username, password, database...

7.8CVSS6.5AI score0.00122EPSS
Exploits0References10
CNNVD
CNNVD
added 2025/08/07 12:0 a.m.4 views

BMC Control-M 安全漏洞

BMC Control-M is an application from BMC Inc. simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M version 9.0.21.300, which originates from the explicit storage of database credentials and could lead to information...

7.8CVSS6.4AI score0.00122EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/07 12:0 a.m.27 views

CVE-2025-48709 BMC Control-M/Server cleartext database credentials in process lists and logs

BMC Control-M/Server 9.0.21.300 displays cleartext database credentials in process lists and logs. An authenticated attacker with shell access could observe these credentials and use them to log in to the database server. For example, when Control-M/Server on Windows has a database connection on,...

4.8CVSS0.00122EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/07 12:0 a.m.6 views

CVE-2025-48709 BMC Control-M/Server cleartext database credentials in process lists and logs

BMC Control-M/Server 9.0.21.300 displays cleartext database credentials in process lists and logs. An authenticated attacker with shell access could observe these credentials and use them to log in to the database server. For example, when Control-M/Server on Windows has a database connection on,...

4.8CVSS6.4AI score0.00122EPSS
Exploits0References1
CVE
CVE
added 2025/08/07 12:0 a.m.34 views

CVE-2025-48709

CVE-2025-48709 affects BMC Control-M/Server 9.0.21.300, where credentials are stored in cleartext and exposed via process lists and logs. The root cause is the control path when a database connection is active: Control-M/Server runs DBUStatus.exe, which invokes dbu_connection_details.vbs with the...

7.8CVSS6.4AI score0.00122EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 10:42 a.m.13 views

CVE-2024-1604

Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. The attacker must know the unique identifi...

6.8CVSS6.8AI score0.00491EPSS
Exploits0References1
Rows per page
Query Builder