Skip to main content

Control M

5 CVEs product

Monthly

CVE-2024-1606 MEDIUM This Month

Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users for manipulation of generated web pages via injection of HTML code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Control M
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-1605 HIGH This Week

BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Control M
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-1604 MEDIUM This Month

Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Control M
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-39122 CRITICAL Act Now

BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Control M
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-26550 CRITICAL POC Act Now

A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Control M
NVD
CVSS 3.1
9.8
EPSS
0.8%
EPSS 0% CVSS 5.4
MEDIUM This Month

Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users for manipulation of generated web pages via injection of HTML code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Control M
NVD
EPSS 0% CVSS 7.8
HIGH This Week

BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Control M
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Control M
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Control M
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Control M
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy