PT-2024-18165 · Bmc · Bmc Control-M

Dawid Małecki +1 · Published 2024-03-18 · Updated 2024-10-10 · CVE-2024-1604

CVSS v3.1: 6.8 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

BMC Control-M versions 9.0.20 through 9.0.21

Description

The issue is related to improper authorization in the report management and creation module, allowing logged-in users to read and make unauthorized changes to any reports within the application, even without proper permissions. The attacker must know the unique identifier of the report they want to manipulate.

Recommendations

For version 9.0.20, update to version 9.0.20.238 to resolve the issue. For version 9.0.21, update to version 9.0.21.201 to resolve the issue.

Fix

IDOR


Weakness Enumeration

Related Identifiers

CVE-2024-1604

Affected Products

Bmc Control-M