VYPR
Unrated severityNVD Advisory· Published Mar 18, 2024· Updated Aug 27, 2024

HTML injection in BMC Control-M

CVE-2024-1606

Description

Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users for manipulation of generated web pages via injection of HTML code. This might lead to a successful phishing attack for example by tricking users into using a hyperlink pointing to a website controlled by an attacker.

Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.200.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • BMC Software/Control-M/MFTllm-fuzzy2 versions
    9.0.20 before 9.0.20.238 and 9.0.21 before 9.0.21.200+ 1 more
    • (no CPE)range: 9.0.20 before 9.0.20.238 and 9.0.21 before 9.0.21.200
    • (no CPE)range: 9.0.20

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.