Severity by source
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local vector and high privileges required to access credential store; confidentiality-only impact with no integrity or availability effect.
Primary rating from Vendor (airbus).
CVSS VectorVendor: airbus
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentially earlier unsupported versions
AnalysisAI
Weak password hash storage in BMC Control-M/Enterprise Manager exposes account credentials to offline recovery attacks if an attacker gains access to the credential database. Affected are unsupported versions 9.0.20.x and potentially earlier legacy releases, meaning no vendor patch will be issued for these branches - upgrade to a supported release is the only vendor-endorsed remediation. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires local access to the Control-M/Enterprise Manager server with high operating-system or application privileges (PR:H per CVSS 4.0) sufficient to read the credential store - this is not a remotely triggerable flaw. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 5.6 (Medium) appropriately reflects the constrained exploitation path: AV:L restricts initial access to local or adjacent systems, PR:H requires admin-level credentials to reach the credential store, and AT:P signals that specific attack conditions - namely, successful exfiltration of hash data - must be met before the weakness is exercisable. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has already escalated to administrator-level access on the Control-M/Enterprise Manager host - whether through a separate vulnerability, phishing, or insider threat - extracts the application's credential store from the local filesystem. Using a GPU-accelerated offline cracking tool against the weakly-hashed entries, the attacker recovers plaintext passwords for Control-M accounts and leverages any credential reuse to pivot into other enterprise systems or escalate further. … |
| Remediation | The primary and only vendor-endorsed remediation is to upgrade Control-M/Enterprise Manager from the unsupported 9.0.20.x branch to a currently supported release that implements adequately strong password hashing; consult the BMC knowledge article at https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA3cx000000GFeDCAW&type=Solution for the recommended target version. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Control M Enterprise Manager
View allSame weakness CWE-328 – Use of Weak Hash
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40933
GHSA-7fxm-rp47-f3xm