Skip to main content

Control-M Enterprise Manager CVE-2026-10540

| EUVDEUVD-2026-40933 MEDIUM
Use of Weak Hash (CWE-328)
2026-07-01 airbus GHSA-7fxm-rp47-f3xm
5.6
CVSS 4.0 · Vendor: airbus
Share

Severity by source

Vendor (airbus) PRIMARY
5.6 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
4.4 MEDIUM

Local vector and high privileges required to access credential store; confidentiality-only impact with no integrity or availability effect.

3.1 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.0 AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (airbus).

CVSS VectorVendor: airbus

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jul 01, 2026 - 09:01 EUVD
Analysis Generated
Jul 01, 2026 - 08:35 vuln.today

DescriptionCVE.org

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentially earlier unsupported versions

AnalysisAI

Weak password hash storage in BMC Control-M/Enterprise Manager exposes account credentials to offline recovery attacks if an attacker gains access to the credential database. Affected are unsupported versions 9.0.20.x and potentially earlier legacy releases, meaning no vendor patch will be issued for these branches - upgrade to a supported release is the only vendor-endorsed remediation. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain high-privilege local access to EM host
Delivery
Read credential store from local filesystem
Exploit
Exfiltrate password hash data
Execution
Perform offline dictionary or brute-force cracking
Persist
Recover plaintext admin passwords
Impact
Reuse credentials for lateral movement

Vulnerability AssessmentAI

Exploitation Exploitation requires local access to the Control-M/Enterprise Manager server with high operating-system or application privileges (PR:H per CVSS 4.0) sufficient to read the credential store - this is not a remotely triggerable flaw. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 5.6 (Medium) appropriately reflects the constrained exploitation path: AV:L restricts initial access to local or adjacent systems, PR:H requires admin-level credentials to reach the credential store, and AT:P signals that specific attack conditions - namely, successful exfiltration of hash data - must be met before the weakness is exercisable. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has already escalated to administrator-level access on the Control-M/Enterprise Manager host - whether through a separate vulnerability, phishing, or insider threat - extracts the application's credential store from the local filesystem. Using a GPU-accelerated offline cracking tool against the weakly-hashed entries, the attacker recovers plaintext passwords for Control-M accounts and leverages any credential reuse to pivot into other enterprise systems or escalate further. …
Remediation The primary and only vendor-endorsed remediation is to upgrade Control-M/Enterprise Manager from the unsupported 9.0.20.x branch to a currently supported release that implements adequately strong password hashing; consult the BMC knowledge article at https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA3cx000000GFeDCAW&type=Solution for the recommended target version. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-10540 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy