PT-2024-18167 · Bmc · Bmc Control-M

Dawid Małecki +1

Published 2024-03-18 · Updated 2024-03-18

CVE-2024-1606

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
BMC Control-M versions 9.0.20 through 9.0.21

Description
The vulnerability is caused by missing input sanitization: an authenticated (logged-in) user can inject HTML into web pages generated by the application, and the injected markup is rendered in other users' browsers. This can be used for phishing, for example by tricking a user into following a hyperlink that points to a website controlled by the attacker. Exploitation requires the victim to interact with the injected content (CVSS UI:R).

Recommendations
For version 9.0.20, update to version 9.0.20.238 to resolve the issue. For version 9.0.21, update to version 9.0.21.200 to resolve the issue. As a temporary workaround, consider restricting access to the generated web pages to minimize the risk of exploitation.
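The following is an added illustration of the bug class this advisory describes (unsanitized user input concatenated into generated HTML, then abused to plant a phishing link). It is generic example code written for this page, not BMC Control-M source: the field name "jobDescription", the table-cell template, and the attacker host "attacker.example" are all assumptions, and the payload is constructed for the example.

```javascript
// Added example, not Control-M code. The template and field name are assumed.

// Vulnerable rendering: the user-controlled value is concatenated straight
// into the page markup, so any tags it contains become part of the DOM.
function renderVulnerable(jobDescription) {
  return `<td class="desc">${jobDescription}</td>`;
}

// Output encoding for an HTML body context: every character that can open or
// close markup or terminate an attribute is replaced by its entity, so the
// browser treats the whole value as text.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened rendering: same template, but the value is encoded first.
function renderHardened(jobDescription) {
  return `<td class="desc">${escapeHtml(jobDescription)}</td>`;
}

// Constructed phishing payload of the kind the advisory describes: a hyperlink
// to an attacker-controlled host, disguised as a routine prompt to re-login.
const PAYLOAD =
  '<a href="https://attacker.example/login">Session expired, re-authenticate</a>';

// Crude detection check usable in a unit test or a response review: does the
// generated fragment contain any tag other than the template's own <td>?
function containsInjectedTag(html) {
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.some((tag) => !/^<\/?td\b/.test(tag));
}

// Stand-alone demonstration: the vulnerable path lets the link through, the
// hardened path renders it as inert text.
console.log('vulnerable :', renderVulnerable(PAYLOAD));
console.log('injected?  :', containsInjectedTag(renderVulnerable(PAYLOAD)));
console.log('hardened   :', renderHardened(PAYLOAD));
console.log('injected?  :', containsInjectedTag(renderHardened(PAYLOAD)));
```

The encoding shown is only correct for values placed in HTML element content; a value written into an attribute, a URL, or inline script needs the encoding for that context, and a templating engine with contextual auto-escaping is the usual way to get this right across a whole application.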

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2024-1606

Affected Products

Bmc Control-M