Lucene search
K

107 matches found

RedhatCVE
RedhatCVE
added 2025/09/18 12:29 p.m.5 views

CVE-2025-55117

A stack-based buffer overflow can be remotely triggered when formatting an error message in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "useopenssl=n";...

6.3CVSS7.1AI score0.00308EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/18 12:29 p.m.7 views

CVE-2025-55115

A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. This vulnerability wa...

9.3CVSS6.8AI score0.00161EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/18 12:29 p.m.17 views

CVE-2025-55116

A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions...

9.3CVSS7.2AI score0.0015EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/18 12:29 p.m.12 views

CVE-2025-55114

The improper order of AUTHORIZEDCTMIP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent to vulnerabilities in the SSL/TLS implementation under certain non-default conditions e.g...

8.9CVSS6.7AI score0.00362EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/18 12:29 p.m.9 views

CVE-2025-55109

An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore or a default PKCS12 keystore. A remote attacker with access to a signed third-party or demo...

9.5CVSS7.1AI score0.00329EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/18 12:29 p.m.13 views

CVE-2025-55112

Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between th...

7.6CVSS6.7AI score0.00202EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/18 12:0 a.m.2 views

Unspecified Vulnerability in BMC Control-M (CNVD-2025-22541)

BMC Control-M is an application from BMC Corporation. Simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M/Agent, which stems from improper ordering of AUTHORIZEDCTMIP validation, and can be exploited by an attacker to...

6.9CVSS6.9AI score0.00362EPSS
Exploits0References1
NVD
NVD
added 2025/09/16 1:16 p.m.4 views

CVE-2025-55118

Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "useopenssl=n"; Control-M/Agent 9.0.21 and 9.0.22: Agent router...

8.9CVSS0.00343EPSS
Exploits0References2
OSV
OSV
added 2025/09/16 1:16 p.m.5 views

CVE-2025-55117

A stack-based buffer overflow can be remotely triggered when formatting an error message in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "useopenssl=n";...

6.3CVSS6.2AI score0.00308EPSS
Exploits0References2
NVD
NVD
added 2025/09/16 1:16 p.m.6 views

CVE-2025-55117

A stack-based buffer overflow can be remotely triggered when formatting an error message in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "useopenssl=n";...

6.3CVSS0.00308EPSS
Exploits0References2
NVD
NVD
added 2025/09/16 1:16 p.m.21 views

CVE-2025-55116

A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions...

9.3CVSS0.0015EPSS
Exploits0References2
NVD
NVD
added 2025/09/16 1:16 p.m.6 views

CVE-2025-55115

A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. This vulnerability wa...

9.3CVSS0.00161EPSS
Exploits0References2
OSV
OSV
added 2025/09/16 1:16 p.m.4 views

CVE-2025-55115

A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. This vulnerability wa...

9.3CVSS5.8AI score0.00161EPSS
Exploits0References2
OSV
OSV
added 2025/09/16 1:16 p.m.5 views

CVE-2025-55116

A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions...

9.3CVSS6AI score0.0015EPSS
Exploits0References2
NVD
NVD
added 2025/09/16 1:16 p.m.8 views

CVE-2025-55113

If the Access Control List is enforced by the Control-M/Agent and the C router is in use default in Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions; non-default but configurable using the JAVAAR setting in newer versions, the verification stop...

10CVSS0.00271EPSS
Exploits0References2
OSV
OSV
added 2025/09/16 1:16 p.m.4 views

CVE-2025-55113

If the Access Control List is enforced by the Control-M/Agent and the C router is in use default in Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions; non-default but configurable using the JAVAAR setting in newer versions, the verification stop...

10CVSS5.8AI score0.00271EPSS
Exploits0References2
NVD
NVD
added 2025/09/16 1:16 p.m.7 views

CVE-2025-55114

The improper order of AUTHORIZEDCTMIP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent to vulnerabilities in the SSL/TLS implementation under certain non-default conditions e.g...

6.9CVSS0.00362EPSS
Exploits0References2
OSV
OSV
added 2025/09/16 1:16 p.m.6 views

CVE-2025-55112

Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between th...

7.6CVSS5.8AI score0.00202EPSS
Exploits0References2
NVD
NVD
added 2025/09/16 1:16 p.m.6 views

CVE-2025-55112

Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between th...

7.6CVSS0.00202EPSS
Exploits0References2
OSV
OSV
added 2025/09/16 1:16 p.m.5 views

CVE-2025-55111

Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These files contain keys and passwords relating ...

5.7CVSS5.8AI score0.0012EPSS
Exploits0References2
Rows per page
Query Builder