Vulnerability Description
Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. The attacker must know the unique identifier of the report they want to manipulate. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bmc | Control-M | >= 9.0.20, < 9.0.20.238 |
Related Weaknesses (CWE)
References
- https://cert.pl/en/posts/2024/03/CVE-2024-1604Third Party Advisory
- https://cert.pl/posts/2024/03/CVE-2024-1604Third Party Advisory
- https://www.bmc.com/it-solutions/control-m.htmlProduct
- https://cert.pl/en/posts/2024/03/CVE-2024-1604Third Party Advisory
- https://cert.pl/posts/2024/03/CVE-2024-1604Third Party Advisory
- https://www.bmc.com/it-solutions/control-m.htmlProduct
FAQ
What is CVE-2024-1604?
CVE-2024-1604 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available wi...
How severe is CVE-2024-1604?
CVE-2024-1604 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-1604?
Check the references section above for vendor advisories and patch information. Affected products include: Bmc Control-M.