218 matches found

CNVD
added 2025/09/18 12:0 a.m. | 1 views

BMC Control-M Stack Buffer Overflow Vulnerability (CNVD-2025-22539)

BMC Control-M is an application from BMC Corporation that simplifies application and data workflow orchestration locally or as a service. BMC Control-M suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to cause a local elevation of privilege...

9.3 CVSS | 7.1 AI score | 0.0015 EPSS
Exploits 0 | References 1

CNVD
added 2025/09/18 12:0 a.m. | 6 views

BMC Control-M Stack Buffer Overflow Vulnerability

BMC Control-M is an application from BMC Corporation that simplifies application and data workflow orchestration locally or as a service. BMC Control-M suffers from a stack buffer overflow vulnerability that originates from formatting an error message when SSL/TLS communication is misconfigured, no...

6.3 CVSS | 7.5 AI score | 0.00308 EPSS
Exploits 0 | References 1

CNVD
added 2025/09/18 12:0 a.m. | 2 views

Unspecified Vulnerability in BMC Control-M (CNVD-2025-22541)

BMC Control-M is an application from BMC Corporation that simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M/Agent, which stems from improper ordering of AUTHORIZEDCTMIP validation, and can be exploited by an attacker to...

6.9 CVSS | 6.9 AI score | 0.00362 EPSS
Exploits 0 | References 1

CNVD
added 2025/09/18 12:0 a.m. | 4 views

BMC Control-M Authentication Bypass Vulnerability

BMC Control-M is an application from BMC Corporation that simplifies application and data workflow orchestration locally or as a service. An authentication bypass vulnerability exists in BMC Control-M when using an empty or default kdb keystore or a default...

9.5 CVSS | 7.1 AI score | 0.00329 EPSS
Exploits 0 | References 1

CNVD
added 2025/09/18 12:0 a.m. | 4 views

BMC Control-M Memory Corruption Vulnerability

BMC Control-M is an application from BMC Corporation that simplifies application and data workflow orchestration locally or as a service. A memory corruption vulnerability exists in BMC Control-M that stems from misconfiguration of SSL/TLS communication, no details of the vulnerability are provided a...

8.9 CVSS | 7.1 AI score | 0.00343 EPSS
Exploits 0 | References 1

CNVD
added 2025/09/18 12:0 a.m. | 5 views

Unspecified Vulnerability in BMC Control-M

BMC Control-M is an application from BMC Corporation that simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M in which validation of an email address in a client certificate stops when it encounters a NULL byte, whi...

10 CVSS | 6.8 AI score | 0.00271 EPSS
Exploits 0 | References 1

NVD
added 2025/09/16 1:16 p.m. | 4 views

CVE-2025-55118

Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "useopenssl=n"; Control-M/Agent 9.0.21 and 9.0.22: Agent router...

8.9 CVSS | 0.00343 EPSS
Exploits 0 | References 2

OSV
added 2025/09/16 1:16 p.m. | 5 views

CVE-2025-55117

A stack-based buffer overflow can be remotely triggered when formatting an error message in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "useopenssl=n";...

6.3 CVSS | 6.2 AI score | 0.00308 EPSS
Exploits 0 | References 2

NVD
added 2025/09/16 1:16 p.m. | 6 views

CVE-2025-55117

A stack-based buffer overflow can be remotely triggered when formatting an error message in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "useopenssl=n";...

6.3 CVSS | 0.00308 EPSS
Exploits 0 | References 2

NVD
added 2025/09/16 1:16 p.m. | 5 views

CVE-2025-55115

A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. This vulnerability wa...

9.3 CVSS | 0.00161 EPSS
Exploits 0 | References 2

OSV
added 2025/09/16 1:16 p.m. | 3 views

CVE-2025-55115

A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. This vulnerability wa...

9.3 CVSS | 5.8 AI score | 0.00161 EPSS
Exploits 0 | References 2

OSV
added 2025/09/16 1:16 p.m. | 4 views

CVE-2025-55116

A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions...

9.3 CVSS | 6 AI score | 0.0015 EPSS
Exploits 0 | References 2

NVD
added 2025/09/16 1:16 p.m. | 14 views

CVE-2025-55116

A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions...

9.3 CVSS | 0.0015 EPSS
Exploits 0 | References 2

OSV
added 2025/09/16 1:16 p.m. | 4 views

CVE-2025-55113

If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions; non-default but configurable using the JAVAAR setting in newer versions), the verification stop...

10 CVSS | 5.8 AI score | 0.00271 EPSS
Exploits 0 | References 2

NVD
added 2025/09/16 1:16 p.m. | 5 views

CVE-2025-55114

The improper order of AUTHORIZEDCTMIP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent to vulnerabilities in the SSL/TLS implementation under certain non-default conditions e.g...

6.9 CVSS | 0.00362 EPSS
Exploits 0 | References 2

NVD
added 2025/09/16 1:16 p.m. | 7 views

CVE-2025-55113

If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions; non-default but configurable using the JAVAAR setting in newer versions), the verification stop...

10 CVSS | 0.00271 EPSS
Exploits 0 | References 2

NVD
added 2025/09/16 1:16 p.m. | 4 views

CVE-2025-55112

Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between th...

7.6 CVSS | 0.00202 EPSS
Exploits 0 | References 2

OSV
added 2025/09/16 1:16 p.m. | 6 views

CVE-2025-55112

Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between th...

7.6 CVSS | 5.8 AI score
Exploits 0 | References 2

NVD
added 2025/09/16 1:16 p.m. | 4 views

CVE-2025-55111

Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These files contain keys and passwords relating ...

5.7 CVSS | 0.0012 EPSS
Exploits 0 | References 2

OSV
added 2025/09/16 1:16 p.m. | 5 views

CVE-2025-55111

Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These files contain keys and passwords relating ...

5.7 CVSS | 5.8 AI score | 0.0012 EPSS
Exploits 0 | References 2