漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
BMC Control-M/Agent default configuration does not enforce SSL/TLS allowing unauthorized actions and remote code execution
Vulnerability Description
The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write and similar unauthorized actions when mutual SSL/TLS authentication is not enabled (i.e. in the default configuration). NOTE: * The vendor believes that this vulnerability only occurs when documented security best practices are not followed. BMC has always strongly recommended to use security best practices such as configuring SSL/TLS between Control-M Server and Agent. * The vendor notifies that Control-M/Agent is not impacted in Control-M SaaS
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
BMC Control-M/Agent 安全漏洞
Vulnerability Description
BMC Control-M/Agent是美国BMC公司的一个工作负载自动化系统。 BMC Control-M/Agent存在安全漏洞,该漏洞源于未启用相互SSL/TLS身份验证,可能导致未经验证的远程代码执行、任意文件读写和类似未授权操作。
CVSS Information
N/A
Vulnerability Type
N/A