Unrated severity · NVD Advisory · Published Mar 18, 2024 · Updated Apr 10, 2025
DLL side-loading in BMC Control-M
CVE-2024-1605
Description
BMC Control-M branches 9.0.20 and 9.0.21 load, upon user login, all Dynamic Link Libraries (DLLs) from a directory that grants Write and Read permissions to all users. Exploiting this leads to the loading of potentially malicious libraries, which will execute with the application's privileges.
The fix for the 9.0.20 branch was released in version 9.0.20.238. The fix for the 9.0.21 branch was released in version 9.0.21.201.
Affected products
- (no CPE) range: branch 9.0.20 <9.0.20.238, branch 9.0.21 <9.0.21.201
- (no CPE) range: 9.0.20
References
- cert.pl/en/posts/2024/03/CVE-2024-1604 (mitre, third-party-advisory)
- cert.pl/posts/2024/03/CVE-2024-1604 (mitre, third-party-advisory)
- www.bmc.com/it-solutions/control-m.html (mitre, product)