N/A

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to unauthorized access.

N/A

N/A

BMC Control-M/MFT 安全漏洞

BMC Control-M/MFT是美国BMC公司的一款企业级文件传输与作业调度集成管理的自动化软件。 BMC Control-M/MFT 9.0.22及之前版本存在安全漏洞，该漏洞源于API管理端点允许未经验证的用户获取API标识符和密钥，可能导致未经授权访问。

N/A

N/A