PT-2024-18166 · Bmc · Bmc Control-M

Dawid Małecki +1 · Published 2024-03-18 · Updated 2024-10-10 · CVE-2024-1605

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

BMC Control-M versions 9.0.20 through 9.0.21

Description

Upon user login, BMC Control-M loads all Dynamic Link Libraries (DLLs) from a directory that grants Write and Read permissions to all users. This can be leveraged to load potentially malicious libraries, which will execute with the application's privileges.

Recommendations

For version 9.0.20, update to version 9.0.20.238 to resolve the issue. For version 9.0.21, update to version 9.0.21.201 to resolve the issue.

Fix

Weakness Enumeration

Incorrect Default Permissions

Related Identifiers

CVE-2024-1605

Affected Products

Bmc Control-M