1. Home
  2. CVE Database
  3. CVE-2024-1605
MEDIUM · 6.6

CVE-2024-1605

BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of...

Vulnerability Description

BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of a potentially malicious libraries, which will execute with the application's privileges. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201.

CVSS Score

6.6

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
LOW
Availability
LOW

Affected Products

VendorProductVersions
BmcControl-M>= 9.0.20, < 9.0.20.238

Related Weaknesses (CWE)

CWE-276

References

FAQ

What is CVE-2024-1605?

CVE-2024-1605 is a vulnerability with a CVSS score of 6.6 (MEDIUM). BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of...

How severe is CVE-2024-1605?

CVE-2024-1605 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-1605?

Check the references section above for vendor advisories and patch information. Affected products include: Bmc Control-M.