Unrated severityNVD Advisory· Published Mar 18, 2024· Updated Aug 27, 2024
HTML injection in BMC Control-M
CVE-2024-1606
Description
Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users for manipulation of generated web pages via injection of HTML code. This might lead to a successful phishing attack for example by tricking users into using a hyperlink pointing to a website controlled by an attacker.
Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.200.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
29.0.20 before 9.0.20.238 and 9.0.21 before 9.0.21.200+ 1 more
- (no CPE)range: 9.0.20 before 9.0.20.238 and 9.0.21 before 9.0.21.200
- (no CPE)range: 9.0.20
Patches
Vulnerability mechanics
References
3- cert.pl/en/posts/2024/03/CVE-2024-1604mitrethird-party-advisory
- cert.pl/posts/2024/03/CVE-2024-1604mitrethird-party-advisory
- www.bmc.com/it-solutions/control-m.htmlmitreproduct
News mentions
0No linked articles in our index yet.