Vulnerabilities > BMC > Control M
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-18 | CVE-2024-1604 | Authorization Bypass Through User-Controlled Key vulnerability in BMC Control-M Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. | 6.8 |
| 2024-03-18 | CVE-2024-1605 | Incorrect Default Permissions vulnerability in BMC Control-M BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. | 7.8 |
| 2024-03-18 | CVE-2024-1606 | Unspecified vulnerability in BMC Control-M Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users for manipulation of generated web pages via injection of HTML code. | 5.4 |
| 2023-07-31 | CVE-2023-39122 | SQL Injection vulnerability in BMC Control-M BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. | 9.8 |
| 2023-02-25 | CVE-2023-26550 | SQL Injection vulnerability in BMC Control-M 9.0.18/9.0.19/9.0.20 A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field. | 9.8 |