Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. The attacker must know the unique identifier of the report they want to manipulate.
Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201.
Metrics
Affected Vendors & Products
References
History
Fri, 11 Oct 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Bmc
Bmc control-m |
|
CPEs | cpe:2.3:a:bmc:control-m:*:*:*:*:*:*:*:* | |
Vendors & Products |
Bmc
Bmc control-m |
|
Metrics |
ssvc
|
Thu, 10 Oct 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-863 |
Thu, 10 Oct 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. The attacker must know the unique identifier of the report they want to manipulate. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201. | Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. The attacker must know the unique identifier of the report they want to manipulate. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201. |
Weaknesses | CWE-639 |
MITRE
Status: PUBLISHED
Assigner: CERT-PL
Published: 2024-03-18T09:59:35.514Z
Updated: 2024-10-10T15:36:14.867Z
Reserved: 2024-02-18T21:40:57.651Z
Link: CVE-2024-1604
Vulnrichment
Updated: 2024-08-01T18:48:21.988Z
NVD
Status : Awaiting Analysis
Published: 2024-03-18T10:15:19.900
Modified: 2024-11-21T08:50:55.637
Link: CVE-2024-1604
Redhat
No data.