Vulnerabilities > CVE-2024-1606 - Unspecified vulnerability in BMC Control-M

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

bmc

NVD

Published: 2024-03-18

Updated: 2025-03-06

Summary

Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users for manipulation of generated web pages via injection of HTML code. This might lead to a successful phishing attack for example by tricking users into using a hyperlink pointing to a website controlled by an attacker. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.200.

Vulnerable Configurations

Part	Description	Count
Application	Bmc BMC Control M *	1

References

https://cert.pl/en/posts/2024/03/CVE-2024-1604
https://cert.pl/en/posts/2024/03/CVE-2024-1604
https://cert.pl/posts/2024/03/CVE-2024-1604
https://cert.pl/posts/2024/03/CVE-2024-1604
https://www.bmc.com/it-solutions/control-m.html
https://www.bmc.com/it-solutions/control-m.html