An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credentials can be easily obtained and may allow unauthorized access to the MFT API debug interface.

CVSS: 9.8 · CWE: CWE-798

View on NVD

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to unauthorized access.

CVSS: 7.5 · CWE: CWE-284

View on NVD

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable arbitrary file read/write operations and potentially lead to remote code execution.

CVSS: 8.8 · CWE: CWE-89

View on NVD

The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write and similar unauthorized actions when mutual SSL/TLS authentication is not enabled (i.e. in the default configuration). NOTE:  * The vendor believes that this vulnerability only occurs when documented security best practices are not followed. BMC has always strongly recommended to use s…

CVSS: 10.0 · CWE: CWE-306

View on NVD

Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n"; * Control-M/Agent 9.0.21 and 9.0.22: Agent router configuration uses the non-default settings "JAVA_AR=N" and "use_openssl=n"

CVSS: 8.9 · CWE: CWE-122

View on NVD

A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions.

CVSS: 8.8 · CWE: CWE-121

View on NVD

A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. This vulnerability was fixed in 9.0.20.100 and above.

CVSS: 8.8 · CWE: CWE-23

View on NVD

If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions; non-default but configurable using the JAVA_AR setting in newer versions), the verification stops at the first NULL byte encountered in the email address referenced in the client certificate. An…

CVSS: 9.0 · CWE: CWE-158

View on NVD

Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 (and potentially earlier unsupported versions) that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between the Control-M/Agent and Server.

CVSS: 7.4 · CWE: CWE-321

View on NVD

An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore or a default PKCS#12 keystore. A remote attacker with access to a signed third-party or demo certificate for client authentication can bypass the need for a certificate signed by the certificate autho…

CVSS: 9.0 · CWE: CWE-295

View on NVD

BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in 9.0.21 (and is also fixed by a patch for 9.0.20.200).

CVSS: 9.8 · CWE: CWE-89

View on NVD

A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field.

CVSS: 9.8 · CWE: CWE-89

View on NVD

BMC Control-M/Agent 7.0.00.000 allows OS Command Injection (issue 2 of 2).

CVSS: 8.8 · CWE: CWE-78

View on NVD

BMC Control-M/Agent 7.0.00.000 allows Arbitrary File Download.

CVSS: 7.5 · CWE: N/A

View on NVD

BMC Control-M/Agent 7.0.00.000 has Insecure Password Storage.

CVSS: 7.5 · CWE: CWE-522

View on NVD

BMC Control-M/Agent 7.0.00.000 allows OS Command Injection.

CVSS: 8.8 · CWE: CWE-78

View on NVD

BMC Control-M/Agent 7.0.00.000 has an Insecure File Copy.

CVSS: 8.8 · CWE: CWE-269

View on NVD

A buffer overflow vulnerability in BMC Control-M/Agent 7.0.00.000 when the On-Do action destination is Mail and the Control-M/Agent is configured to send the email, allows remote attackers to have unspecified impact via vectors related to the configured IP address or SMTP server.

CVSS: 8.8 · CWE: CWE-120

View on NVD

In QSEE in all Android releases from CAF using the Linux kernel access control may potentially be bypassed due to a page alignment issue.

CVSS: 7.8 · CWE: CWE-264

View on NVD