Vulnerability Information
Vulnerability Title
DLL side-loading in BMC Control-M
Vulnerability Description
On user login, BMC Control-M branches 9.0.20 and 9.0.21 load all Dynamic Link Libraries (DLLs) from a directory that grants Write and Read permissions to all users. Leveraging this leads to the loading of potentially malicious libraries, which will execute with the application's privileges. The fix for the 9.0.20 branch was released in version 9.0.20.238. The fix for the 9.0.21 branch was released in version 9.0.21.201.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
Vulnerability Type
Incorrect default permissions
Vulnerability Title
BMC Control-M security vulnerability
Vulnerability Description
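BMC Control-M is an application from BMC. It simplifies the orchestration of application and data workflows, on-premises or as a service. BMC Control-M branches 9.0.20 and 9.0.21 contain a security vulnerability that stems from allowing Dynamic Link Libraries (DLLs) to be loaded, on user login, from a directory to which all users have write and read permissions.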
CVSS Information
N/A
Vulnerability Type
N/A