VYPR
Unrated severity · NVD Advisory · Published Mar 18, 2024 · Updated Apr 10, 2025

DLL side-loading in BMC Control-M

CVE-2024-1605

Description

BMC Control-M branches 9.0.20 and 9.0.21 load, upon user login, all Dynamic Link Libraries (DLLs) from a directory that grants Write and Read permissions to all users. Exploiting this leads to the loading of potentially malicious libraries, which execute with the application's privileges.

The fix for the 9.0.20 branch was released in version 9.0.20.238. The fix for the 9.0.21 branch was released in version 9.0.21.201.
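
A triage helper for the two checks this description implies, added here as an example and not taken from the advisory or from BMC: whether an installed version is below its branch's fixed build, and whether a directory's `icacls` listing grants write access to a broad group. The principal list, the directory path and the sample `icacls` output are constructed assumptions; the advisory does not name the affected directory.

```python
import re

# Fixed builds per branch, from the advisory text.
FIXED_BUILD = {(9, 0, 20): 238, (9, 0, 21): 201}
# Principals treated as "all users" (assumed list; extend for your domain groups).
BROAD = ("everyone", "builtin\\users", "nt authority\\authenticated users")
# icacls rights that let a user create or replace files: full, modify, write,
# write-data/add-file, append-data/add-subdir, generic write, generic all.
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "GW", "GA"}

def is_affected(version: str) -> bool:
    """True if the version is in an affected branch below its fixed build."""
    parts = [int(p) for p in version.split(".")]
    build = parts[3] if len(parts) > 3 else 0  # assumption: no build number = unpatched
    fixed = FIXED_BUILD.get(tuple(parts[:3]))
    return fixed is not None and build < fixed

def broad_write_aces(icacls_output: str) -> list:
    """Return (principal, rights) for allow ACEs giving broad groups write access."""
    findings = []
    for line in icacls_output.splitlines():
        left, sep, right = line.strip().rpartition(":(")
        if not sep:
            continue  # blank line or the "Successfully processed" summary
        tokens = {t.strip() for grp in re.findall(r"\(([^)]*)\)", "(" + right)
                  for t in grp.split(",")}
        if "DENY" in tokens:
            continue
        who = left.lower()
        # The first icacls line is prefixed with the path, so match on the suffix.
        name = next((n for n in BROAD if who == n or who.endswith(" " + n)), None)
        if name and tokens & WRITE_RIGHTS:
            findings.append((name, ",".join(sorted(tokens & WRITE_RIGHTS))))
    return findings

# Constructed icacls output for a hypothetical library directory.
SAMPLE = r"""C:\ExampleApp\lib BUILTIN\Users:(OI)(CI)(M)
                  NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                  Everyone:(DENY)(W)
                  NT AUTHORITY\Authenticated Users:(I)(RX)

Successfully processed 1 files; Failed processing 0 files"""

if __name__ == "__main__":
    for v in ("9.0.20.237", "9.0.20.238", "9.0.21.200", "9.0.21.201"):
        print(v, "affected" if is_affected(v) else "not affected")
    print(broad_write_aces(SAMPLE))
```

A `False` from `is_affected` for a branch other than 9.0.20 or 9.0.21 only means this advisory does not cover it.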

Affected products (2)

  • BMC Software/Control-M/MFT (2 versions)
    • (no CPE) range: branch 9.0.20 <9.0.20.238, branch 9.0.21 <9.0.21.201
    • (no CPE) range: 9.0.20
