PT-2020-10095 · Bmc · Bmc Control-M/Agent

Published

2020-04-30

Updated

2020-05-26

CVE-2019-19215

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions BMC Control-M/Agent version 7.0.00.000

Description A buffer overflow issue exists when the On-Do action destination is set to Mail and the Control-M/Agent is configured to send emails. This allows remote attackers to have an unspecified impact via vectors related to the configured IP address or SMTP server.

Recommendations For BMC Control-M/Agent version 7.0.00.000, consider disabling the email sending functionality when the On-Do action destination is set to Mail as a temporary workaround until a patch is available. Restrict access to the configured IP address or SMTP server to minimize the risk of exploitation.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

CVE-2019-19215

Affected Products

Bmc Control-M/Agent

PT-2020-10095 · Bmc · Bmc Control-M/Agent

CVE-2019-19215

Weakness Enumeration

Related Identifiers

Affected Products

References · 5