Vulnerability Details CVE-2023-39122
BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in 9.0.21 (and is also fixed by a patch for 9.0.20.200).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.1%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2023-39122
-
cpe:2.3:a:bmc:control-m:-
-
cpe:2.3:a:bmc:control-m:9.0.18
-
cpe:2.3:a:bmc:control-m:9.0.19
-
cpe:2.3:a:bmc:control-m:9.0.20
-
cpe:2.3:a:bmc:control-m:9.0.20.214
-
cpe:2.3:a:bmc:control-m:9.0.20.238