3 matches found
Erlang/OTP -- FTP passive-mode client does not validate server response IP
https://github.com/erlang/otp/security/advisories/GHSA-24cv-hwgr-37fq reports: The FTP client in passive mode did not validate the IP address returned in the server's response, allowing a compromised or malicious server to redirect the data connection to an arbitrary host. This enables server-sid...
CVE-2025-55114 BMC Control-M/Agent improper IP address filtering order
The improper order of AUTHORIZEDCTMIP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent to vulnerabilities in the SSL/TLS implementation under certain non-default conditions e.g...
CVE-2025-55114
The CVE-2025-55114 entry concerns BMC Control-M/Agent. The root cause is the improper ordering of AUTHORIZED_CTM_IP validation, where the Server IP is validated only after an SSL/TLS handshake, exposing the agent to issues in the SSL/TLS implementation under certain non-default conditions (relate...