Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Incorrect authorization in BMC Control-M
Vulnerability Description
Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. The attacker must know the unique identifier of the report they want to manipulate. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
BMC Control-M 安全漏洞
Vulnerability Description
BMC Control-M是BMC公司的一个应用程序。简化了本地或作为服务的应用程序和数据工作流编排。 BMC Control-M branches 9.0.20版本和9.0.21版本存在安全漏洞,该漏洞源于report management and creation模块中存在授权不当问题,允许登录的用户读取并对程序进行未授权操作。
CVSS Information
N/A
Vulnerability Type
N/A