218 matches found

NVD
added 2025/09/16 1:16 p.m., 4 views

CVE-2025-55110

Control-M/Agents use a kdb or PKCS12 keystore by default, and the default keystore password is well known and documented. An attacker with read access to the keystore could access sensitive data using this password...

CVSS 5.7, EPSS 0.00126
Exploits: 0, References: 2

NVD
added 2025/09/16 1:16 p.m., 6 views

CVE-2025-55109

An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore or a default PKCS12 keystore. A remote attacker with access to a signed third-party or demo...

CVSS 9.5, EPSS 0.00329
Exploits: 0, References: 2

OSV
added 2025/09/16 1:16 p.m., 3 views

CVE-2025-55109

An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore or a default PKCS12 keystore. A remote attacker with access to a signed third-party or demo...

CVSS 9.5, AI score 5.9, EPSS 0.00329
Exploits: 0, References: 2

CVE
added 2025/09/16 12:23 p.m., 12 views

CVE-2025-55118

CVE-2025-55118 concerns BMC Control-M/Agent. The issue is a memory corruption vulnerability that can be remotely triggered when SSL/TLS is configured, with specific non-default conditions: Control-M/Agent 9.0.20 using non-default SSL/TLS setting use_openssl=n; and 9.0.21/9.0.22 with non-default s...

CVSS 8.9, AI score 6.2, EPSS 0.00343
Exploits: 0, References: 2

Vulnrichment
added 2025/09/16 12:23 p.m., 4 views

CVE-2025-55118 BMC Control-M/Agent memory corruption in SSL/TLS communication

Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n"; Control-M/Agent 9.0.21 and 9.0.22: Agent router...

CVSS 8.9, AI score 6.2, EPSS 0.00343
Exploits: 0, References: 2

Cvelist
added 2025/09/16 12:23 p.m., 5 views

CVE-2025-55118 BMC Control-M/Agent memory corruption in SSL/TLS communication

Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n"; Control-M/Agent 9.0.21 and 9.0.22: Agent router...

CVSS 8.9, EPSS 0.00343
Exploits: 0, References: 2

CVE
added 2025/09/16 12:22 p.m., 19 views

CVE-2025-55117

CVE-2025-55117 describes a stack-based buffer overflow in BMC Control-M/Agent when formatting an error message while SSL/TLS is configured. Reported impact is remote triggering under specific conditions: Control-M/Agent 9.0.20 with SSL/TLS configured to the non-default use_openssl=n; and Control-...

CVSS 6.3, AI score 6.7, EPSS 0.00308
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2025/09/16 12:22 p.m., 3 views

CVE-2025-55117 BMC Control-M/Agent buffer overflow in SSL/TLS communication

A stack-based buffer overflow can be remotely triggered when formatting an error message in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n";...

CVSS 6.3, AI score 7, EPSS 0.00308
Exploits: 0, References: 2

Cvelist
added 2025/09/16 12:22 p.m., 11 views

CVE-2025-55117 BMC Control-M/Agent buffer overflow in SSL/TLS communication

A stack-based buffer overflow can be remotely triggered when formatting an error message in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n";...

CVSS 6.3, EPSS 0.00308
Exploits: 0, References: 2

Cvelist
added 2025/09/16 12:22 p.m., 13 views

CVE-2025-55116 BMC Control-M/Agent buffer overflow local privilege escalation

A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions...

CVSS 9.3, EPSS 0.0015
Exploits: 0, References: 2

Vulnrichment
added 2025/09/16 12:22 p.m., 3 views

CVE-2025-55116 BMC Control-M/Agent buffer overflow local privilege escalation

A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions...

CVSS 9.3, AI score 7, EPSS 0.0015
Exploits: 0, References: 2

CVE
added 2025/09/16 12:22 p.m., 19 views

CVE-2025-55116

The CVE-2025-55116 issue affects BMC Control-M/Agent, specifically versions 9.0.18–9.0.20 (potentially earlier unsupported builds). It is caused by a stack/buffer overflow in the Agent running on the target system, enabling local privilege escalation when an attacker has system access. Mitigation...

CVSS 9.3, AI score 7, EPSS 0.0015
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2025/09/16 12:21 p.m., 14 views

CVE-2025-55115

CVE-2025-55115 affects BMC Control-M/Agent versions 9.0.18–9.0.20 (and potentially earlier unsupported builds). The vulnerability is a path traversal in the Control-M/Agent that can enable local privilege escalation when an attacker has access to the system running the Agent. Impact is described ...

CVSS 9.3, AI score 6.5, EPSS 0.00161
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2025/09/16 12:21 p.m., 9 views

CVE-2025-55115 BMC Control-M/Agent path traversal local privilege escalation

A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. This vulnerability wa...

CVSS 9.3, EPSS 0.00161
Exploits: 0, References: 2

Vulnrichment
added 2025/09/16 12:21 p.m., 4 views

CVE-2025-55115 BMC Control-M/Agent path traversal local privilege escalation

A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. This vulnerability wa...

CVSS 9.3, AI score 6.5, EPSS 0.00161
Exploits: 0, References: 2

Vulnrichment
added 2025/09/16 12:20 p.m., 2 views

CVE-2025-55114 BMC Control-M/Agent improper IP address filtering order

The improper order of AUTHORIZED_CTM_IP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent to vulnerabilities in the SSL/TLS implementation under certain non-default conditions e.g...

CVSS 6.9, AI score 6.6, EPSS 0.00362
Exploits: 0, References: 2

Cvelist
added 2025/09/16 12:20 p.m., 7 views

CVE-2025-55114 BMC Control-M/Agent improper IP address filtering order

The improper order of AUTHORIZED_CTM_IP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent to vulnerabilities in the SSL/TLS implementation under certain non-default conditions e.g...

CVSS 6.9, EPSS 0.00362
Exploits: 0, References: 2

CVE
added 2025/09/16 12:20 p.m., 17 views

CVE-2025-55114

The CVE-2025-55114 entry concerns BMC Control-M/Agent. The root cause is the improper ordering of AUTHORIZED_CTM_IP validation, where the Server IP is validated only after an SSL/TLS handshake, exposing the agent to issues in the SSL/TLS implementation under certain non-default conditions (relate...

CVSS 6.9, AI score 6.3, EPSS 0.00362
Exploits: 0, References: 2

Vulnrichment
added 2025/09/16 12:20 p.m., 2 views

CVE-2025-55113 BMC Control-M/Agent unescaped NULL byte in access control list checks

If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions; non-default but configurable using the JAVAAR setting in newer versions), the verification stop...

CVSS 9.5, AI score 6.4, EPSS 0.00271
Exploits: 0, References: 2

Cvelist
added 2025/09/16 12:20 p.m., 6 views

CVE-2025-55113 BMC Control-M/Agent unescaped NULL byte in access control list checks

If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions; non-default but configurable using the JAVAAR setting in newer versions), the verification stop...

CVSS 9.5, EPSS 0.00271
Exploits: 0, References: 2