Every CVE whose affected-product data names Bmc Control-m, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2023-26550 — CVSS 9.8 (critical): A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON…
CVE-2023-39122 — CVSS 9.8 (critical): BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in 9.0.21…
CVE-2024-1605 — CVSS 6.6 (medium): BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read…
CVE-2024-1604 — CVSS 6.4 (medium): Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to…
CVE-2024-1606 — CVSS 4.6 (medium): Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users for manipulation of generated web pages via…