BMC Control-M/Agent unescaped NULL byte in access control list checks

If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions; non-default but configurable using the JAVA_AR setting in newer versions), the verification stops at the first NULL byte encountered in the email address referenced in the client certificate. An attacker could bypass configured ACLs by using a specially crafted certificate.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

空字节或NULL字符转义处理不恰当

BMC Control-M 安全漏洞

BMC Control-M是BMC公司的一个应用程序。简化了本地或作为服务的应用程序和数据工作流编排。 BMC Control-M 9.0.18版本至9.0.20版本存在安全漏洞，该漏洞源于客户端证书中电子邮件地址遇到NULL字节时停止验证，可能导致绕过配置的访问控制列表。

N/A

N/A