Vulnerability Description
Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to manipulate generated web pages by injecting HTML code. This could enable a phishing attack, for example by tricking users into following a hyperlink that points to a website controlled by an attacker. The fix for the 9.0.20 branch was released in version 9.0.20.238; the fix for the 9.0.21 branch was released in version 9.0.21.200.
CVSS Score
4.6 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| BMC | Control-M | >= 9.0.20, < 9.0.20.238 |
Related Weaknesses (CWE)
References
- https://cert.pl/en/posts/2024/03/CVE-2024-1604 (Third Party Advisory)
- https://cert.pl/posts/2024/03/CVE-2024-1604 (Third Party Advisory)
- https://www.bmc.com/it-solutions/control-m.html (Product)
FAQ
What is CVE-2024-1606?
CVE-2024-1606 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to manipulate generated web pages by injecting HTML code. This could enable a phishing attack, for example by tricking users into following a hyperlink that points to an attacker-controlled website.
How severe is CVE-2024-1606?
CVE-2024-1606 has been rated MEDIUM with a CVSS base score of 4.6/10. See the CVSS Score section above.
Is there a patch for CVE-2024-1606?
Yes. Per the vulnerability description, the 9.0.20 branch is fixed in version 9.0.20.238 and the 9.0.21 branch in version 9.0.21.200. Check the references section above for the vendor advisory and patch information. Affected products include: BMC Control-M.