CVE-2024-1606
HTML injection in BMC Control-M
Summary
- Public Exploits: 0
- Exploited in Wild: -
Descriptions
Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to manipulate generated web pages by injecting HTML code. This might lead to a successful phishing attack, for example by tricking users into following a hyperlink that points to a website controlled by an attacker. The fix for the 9.0.20 branch was released in version 9.0.20.238. The fix for the 9.0.21 branch was released in version 9.0.21.200.
CVSS Scores
SSVC
- Decision: Track*
Timeline
- 2024-02-18 CVE Reserved
- 2024-03-18 CVE Published
- 2024-03-19 EPSS Updated
- 2024-08-27 CVE Updated
- Exploited in Wild: no date recorded
- KEV Due Date: no date recorded
- First Exploit: no date recorded
CWE
- CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CAPEC
References (3)
URL | Tag | Source
---|---|---
https://cert.pl/en/posts/2024/03/CVE-2024-1604 | Third Party Advisory |
https://cert.pl/posts/2024/03/CVE-2024-1604 | Third Party Advisory |
https://www.bmc.com/it-solutions/control-m.html | Product |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Status
---|---|---|---
BMC | Control-M | >= 9.0.20.0 < 9.0.20.238 | Affected
BMC | Control-M | >= 9.0.21.0 < 9.0.21.200 | Affected