Vulnerabilities > BMC > Control M

DATE CVE VULNERABILITY TITLE RISK
2023-07-31 CVE-2023-39122 SQL Injection vulnerability in BMC Control-M
BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter.
network
low complexity
bmc CWE-89
critical
9.8
2023-02-25 CVE-2023-26550 SQL Injection vulnerability in BMC Control-M
A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field.
network
low complexity
bmc CWE-89
critical
9.8