Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2024-1606

Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users for manipulation of generated web pages via injection of HTML code. This might lead to a successful phishing attack for example by tricking users into using a hyperlink pointing to a website controlled by an attacker. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.200.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.4%
CVSS Severity
CVSS v3 Score 4.6
Products affected by CVE-2024-1606
  • Bmc » Control-M » Version: 9.0.20
    cpe:2.3:a:bmc:control-m:9.0.20
  • Bmc » Control-M » Version: 9.0.20.214
    cpe:2.3:a:bmc:control-m:9.0.20.214
  • Bmc » Control-M » Version: 9.0.21
    cpe:2.3:a:bmc:control-m:9.0.21
  • Bmc » Control-M » Version: 9.0.21.001
    cpe:2.3:a:bmc:control-m:9.0.21.001
  • Bmc » Control-M » Version: 9.0.21.100
    cpe:2.3:a:bmc:control-m:9.0.21.100
  • Bmc » Control-M » Version: 9.0.21.101
    cpe:2.3:a:bmc:control-m:9.0.21.101
  • Bmc » Control-M » Version: 9.0.21.102
    cpe:2.3:a:bmc:control-m:9.0.21.102
  • Bmc » Control-M » Version: 9.0.21.200
    cpe:2.3:a:bmc:control-m:9.0.21.200


Products
Pricing
Contact Us

Shodan ® - All rights reserved