
11 matches found

NVD
added 5 hours ago, 4 views

CVE-2026-10538

Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction of allowed object types in the out of support Control-M/Server and Control-M/Enterprise Manager versions 9.0.20.x and potentially earlier. This issue may allow an authenticated attacker ...

CVSS 8.9
Exploits: 0, References: 1
NVD
added 5 hours ago, 3 views

CVE-2026-10539

A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized commands on the affected server, potentially leading to compromise of the server. This...

CVSS 9.5
Exploits: 0, References: 1
EUVD
added 5 hours ago, 6 views

EUVD-2026-40926

Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction of allowed object types in the out of support Control-M/Server and Control-M/Enterprise Manager versions 9.0.20.x and potentially earlier. This issue may allow an authenticated attacker ...

CVSS 8.9, AI score 5.8
Exploits: 0, References: 1
EUVD
added 5 hours ago, 4 views

EUVD-2026-40925

A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized commands on the affected server, potentially leading to compromise of the server. This...

CVSS 9.5, AI score 5.9
Exploits: 0, References: 1
Cvelist
added 5 hours ago, 8 views

CVE-2026-10539 Unauthenticated command injection in Control-M/Server communication command

A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized commands on the affected server, potentially leading to compromise of the server. This...

CVSS 9.5
Exploits: 0, References: 1
CVE
added 5 hours ago, 6 views

CVE-2026-10539

The vulnerability CVE-2026-10539 affects Control-M/Server versions 9.0.20.x through 9.0.21.200 (and potentially earlier unsupported versions). It is caused by insufficient filtering/sanitization of user-supplied input in a Control-M/Server communication command, which could allow an unauthenticat...

CVSS 9.5, AI score 5.9
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-29568

Malicious code in bioql PyPI...

CVSS 6.9, AI score 6.6, EPSS 0.00362
Exploits: 0, References: 3
RedhatCVE
added 2025/08/09 12:23 a.m., 19 views

CVE-2025-48709

An issue was discovered in BMC Control-M 9.0.21.300. When Control-M Server has a database connection, it runs DBUStatus.exe frequently, which then calls dbuconnectiondetails.vbs with the username, password, database hostname, and port written in cleartext, which can be seen in event and process...

CVSS 7.8, AI score 6.8, EPSS 0.00114
Exploits: 0, References: 1
OSV
added 2025/08/07 8:15 p.m., 2 views

CVE-2025-48709

BMC Control-M/Server 9.0.21.300 displays cleartext database credentials in process lists and logs. An authenticated attacker with shell access could observe these credentials and use them to log in to the database server. For example, when Control-M/Server on Windows has a database connection on,...

CVSS 7.8, AI score 5.8, EPSS 0.00114
Exploits: 0, References: 1
Vulnrichment
added 2025/08/07 12:0 a.m., 4 views

CVE-2025-48709 BMC Control-M/Server cleartext database credentials in process lists and logs

BMC Control-M/Server 9.0.21.300 displays cleartext database credentials in process lists and logs. An authenticated attacker with shell access could observe these credentials and use them to log in to the database server. For example, when Control-M/Server on Windows has a database connection on,...

CVSS 4.8, AI score 6.4, EPSS 0.00114
Exploits: 0, References: 1
CNVD
added 2020/05/06 12:0 a.m., 2 views

BMC Control-M/Agent Arbitrary File Download Vulnerability

Control-M is one of BMC's most important automation control products, and is the world's leading integrated business scheduling solution for cross-platform and cross-application job scheduling. A security vulnerability exists in BMC Control-M/Agent and Control-M/Server communication when using th...

CVSS 7.5, AI score 7.1, EPSS 0.01052
Exploits: 0, References: 1