Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. The attacker must know the unique identifier of the report they want to manipulate. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201.
History

Fri, 11 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Bmc
Bmc control-m
CPEs cpe:2.3:a:bmc:control-m:*:*:*:*:*:*:*:*
Vendors & Products Bmc
Bmc control-m
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 10 Oct 2024 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-863

Thu, 10 Oct 2024 15:45:00 +0000

Type Values Removed Values Added
Description Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. The attacker must know the unique identifier of the report they want to manipulate. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201. Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. The attacker must know the unique identifier of the report they want to manipulate. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201.
Weaknesses CWE-639

cve-icon MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published: 2024-03-18T09:59:35.514Z

Updated: 2024-10-10T15:36:14.867Z

Reserved: 2024-02-18T21:40:57.651Z

Link: CVE-2024-1604

cve-icon Vulnrichment

Updated: 2024-08-01T18:48:21.988Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-03-18T10:15:19.900

Modified: 2024-11-21T08:50:55.637

Link: CVE-2024-1604

cve-icon Redhat

No data.