Dawid Maåecki

**Name of the Vulnerable Software and Affected Versions** BMC Control-M versions 9.0.20 through 9.0.21 **Description** The issue is related to improper authorization in the report management and creation module, allowing logged-in users to read and make unauthorized changes to any reports within the application, even without proper permissions. The attacker must know the unique identifier of the report they want to manipulate. **Recommendations** For version 9.0.20, update to version 9.0.20.238 to resolve the issue. For version 9.0.21, update to version 9.0.21.201 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** BMC Control-M versions 9.0.20 through 9.0.21 **Description** The issue arises when BMC Control-M loads all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users upon user login. This can be leveraged to load potentially malicious libraries, which will execute with the application's privileges. **Recommendations** For version 9.0.20, update to version 9.0.20.238 to resolve the issue. For version 9.0.21, update to version 9.0.21.201 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** BMC Control-M versions 9.0.20 through 9.0.21 **Description** The issue is related to a lack of input sanitization, allowing logged-in users to manipulate generated web pages via injection of HTML code. This could lead to a successful phishing attack, for example, by tricking users into using a hyperlink pointing to a website controlled by an attacker. **Recommendations** For version 9.0.20, update to version 9.0.20.238 to resolve the issue. For version 9.0.21, update to version 9.0.21.200 to resolve the issue. As a temporary workaround, consider restricting access to generated web pages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Software versions prior to 11.1.x **Description** The application is vulnerable to Stored Cross-Site Scripting (XSS) in the endpoint "/sofer/DocumentService.asc/SaveAnnotation", where input data transmitted via the POST method in the parameters `author` and `text` are not adequately sanitized and validated. This allows for the injection of malicious JavaScript code. The vulnerability was identified in the function for adding new annotations while editing document content. **Recommendations** For versions prior to 11.1.x, update to a version above 11.1.x to resolve the issue. As a temporary workaround, consider restricting access to the "/sofer/DocumentService.asc/SaveAnnotation" endpoint or disabling the function for adding new annotations until a patch is available. Avoid using the parameters `author` and `text` in the affected API endpoint until the issue is resolved.