Vulnerabilities > BMC > Control M > 9.0.21
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-03-18 | CVE-2024-1604 | Authorization Bypass Through User-Controlled Key vulnerability in BMC Control-M 9.0.20/9.0.20.214/9.0.21 | Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. | 6.8 |
2024-03-18 | CVE-2024-1605 | Incorrect Default Permissions vulnerability in BMC Control-M 9.0.20/9.0.20.214/9.0.21 | Upon user login, BMC Control-M branches 9.0.20 and 9.0.21 load all Dynamic Link Libraries (DLLs) from a directory that grants Write and Read permissions to all users. | 7.8 |
2024-03-18 | CVE-2024-1606 | Unspecified vulnerability in BMC Control-M 9.0.20/9.0.20.214/9.0.21 | Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to manipulate generated web pages via injection of HTML code. | 5.4 |