Control-m Security Vulnerabilities and Issues — Control-m CVE List

Lucene search

BmcControl-m

5 matches found

CVE•added 2023/02/25 8:15 p.m.•70 views

CVE-2023-26550

A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field.

9.8CVSS9.9AI score0.00066EPSS

CVE•added 2024/03/18 10:15 a.m.•58 views

CVE-2024-1605

BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of a potentially malicious libraries, which will execute with the application's privileges. Fix for 9.0...

7.8CVSS6.6AI score0.00022EPSS

CVE•added 2023/07/31 11:15 p.m.•52 views

CVE-2023-39122

BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in 9.0.21 (and is also fixed by a patch for 9.0.20.200).

9.8CVSS9.6AI score0.00066EPSS

CVE•added 2024/03/18 10:15 a.m.•49 views

CVE-2024-1606

Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users for manipulation of generated web pages via injection of HTML code. This might lead to a successful phishing attack for example by tricking users into using a hyperlink pointing to a website controlled by ...

5.4CVSS4.9AI score0.00102EPSS

CVE•added 2024/03/18 10:15 a.m.•47 views

CVE-2024-1604

Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. The attacker must know the unique identifier...

6.8CVSS6.3AI score0.00065EPSS