Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

BMC — Vulnerabilities & Security Advisories 20

Browse all 20 CVE security advisories affecting BMC. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by BMC:Control-M/AgentTrack-It!Control-MControl-M/Server
CVE IDTitleCVSSSeverityPublished
CVE-2025-55108 BMC Control-M/Agent default configuration does not enforce SSL/TLS allowing unauthorized actions and remote code execution — Control-M/AgentCWE-306 10.0 Critical2025-11-05
CVE-2025-55118 BMC Control-M/Agent memory corruption in SSL/TLS communication — Control-M/AgentCWE-122 8.9 High2025-09-16
CVE-2025-55117 BMC Control-M/Agent buffer overflow in SSL/TLS communication — Control-M/AgentCWE-121 5.3 Medium2025-09-16
CVE-2025-55116 BMC Control-M/Agent buffer overflow local privilege escalation — Control-M/AgentCWE-121 8.8 High2025-09-16
CVE-2025-55115 BMC Control-M/Agent path traversal local privilege escalation — Control-M/AgentCWE-23 8.8 High2025-09-16
CVE-2025-55114 BMC Control-M/Agent improper IP address filtering order — Control-M/AgentCWE-696 5.3 Medium2025-09-16
CVE-2025-55113 BMC Control-M/Agent unescaped NULL byte in access control list checks — Control-M/AgentCWE-158 9.0 Critical2025-09-16
CVE-2025-55112 BMC Control-M/Agent hardcoded Blowfish keys — Control-M/AgentCWE-321 7.4 High2025-09-16
CVE-2025-55111 BMC Control-M/Agent insecure default file permissions — Control-M/AgentCWE-276 5.5 Medium2025-09-16
CVE-2025-55110 BMC Control-M/Agent hardcoded default keystore password — Control-M/AgentCWE-1392 5.5 Medium2025-09-16
CVE-2025-55109 BMC Control-M/Agent default SSL/TLS configuration authenticated bypass — Control-M/AgentCWE-295 9.0 Critical2025-09-16
CVE-2025-48709 BMC Control-M/Server cleartext database credentials in process lists and logs — Control-M/ServerCWE-532 3.8 Low2025-08-07
CVE-2021-35002 BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability — Track-It!CWE-434 8.8 -2024-05-07
CVE-2021-35001 BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability — Track-It!CWE-862 6.5 -2024-05-07
CVE-2024-1606 HTML injection in BMC Control-M — Control-MCWE-80 4.6 Medium2024-03-18
CVE-2024-1605 DLL side-loading in BMC Control-M — Control-MCWE-276 6.6 Medium2024-03-18
CVE-2024-1604 Incorrect authorization in BMC Control-M — Control-MCWE-639 6.4 Medium2024-03-18
CVE-2022-35865 BMC Community Track-It! 访问控制错误漏洞 — Track-It!CWE-306 9.8 -2022-08-03
CVE-2022-35864 BMC Community Track-It! SQL注入漏洞 — Track-It!CWE-89 6.5 -2022-08-03
CVE-2022-24047 Track-It! 授权问题漏洞 — Track-It!CWE-288 9.8 -2022-02-18

This page lists every published CVE security advisory associated with BMC. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.