Lucene search
K
BmcControl-m

5 matches found

CVE
CVE
added 2023/02/25 12:0 a.m.83 views

CVE-2023-26550

CVE-2023-26550 affects BMC Control-M prior to 9.0.20.214. The vulnerability is a SQL injection in the memname JSON field that allows an attacker to execute arbitrary SQL commands. The issue is documented with a high severity (CVSS v3.1: 9.8/CRITICAL, network vector, no user interaction, no privil...

9.8CVSS9.9AI score0.00752EPSS
CVE
CVE
added 2024/03/18 9:59 a.m.76 views

CVE-2024-1605

CVE-2024-1605 affects BMC Control-M branches 9.0.20 and 9.0.21. On user login, the app loads all DLLs from a directory that has write/read access for all users, allowing potentially malicious libraries to load and execute with the application’s privileges. The CVE details indicate the vulnerabili...

7.8CVSS6.6AI score0.00204EPSS
CVE
CVE
added 2023/07/31 12:0 a.m.68 views

CVE-2023-39122

Summary: CVE-2023-39122 affects BMC Control-M ≤ 9.0.20.200, where an SQL injection is possible via the /RF-Server/report/deleteReport endpoint using the report-id parameter. The root cause is a SQL injection vulnerability in that API path. The issue is fixed in version 9.0.21, and is also mitigat...

9.8CVSS9.6AI score0.00558EPSS
Web
CVE
CVE
added 2024/03/18 10:0 a.m.67 views

CVE-2024-1606

CVE-2024-1606 describes a lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 that allows logged-in users to manipulate generated web pages by injecting HTML code, potentially enabling phishing via malicious links. The issue affects the web/UI layer and is caused by insufficien...

5.4CVSS4.9AI score0.00432EPSS
CVE
CVE
added 2024/03/18 9:59 a.m.66 views

CVE-2024-1604

CVE-2024-1604 concerns BMC Control-M branches 9.0.20 and 9.0.21 where an improper authorization flaw in the report management/creation module allows logged-in users to read and alter any report without proper permissions, given knowledge of the report identifier. Impact is limited to unauthorized...

6.8CVSS6.3AI score0.00491EPSS