VYPR

Software Control M Agent

by BMC Software

CVEs (17)

  • CVE-2025-55118 | High | Sep 16, 2025
    risk 0.58 | cvss 8.9 | epss 0.00

    Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n"; * Control-M/Agent…

  • CVE-2025-55110 | Medium | Sep 16, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    Control-M/Agents use a kdb or PKCS#12 keystore by default, and the default keystore password is well known and documented. An attacker with read access to the keystore could access sensitive data using this password.

  • CVE-2025-55114 | Medium | Sep 16, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    The improper order of AUTHORIZED_CTM_IP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent to vulnerabilities in the SSL/TLS implementation under certain non-default…

  • CVE-2025-55117 | Sep 16, 2025
    risk 0.00 | cvss | epss 0.00

    A stack-based buffer overflow can be remotely triggered when formatting an error message in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default…

  • CVE-2025-55116 | Sep 16, 2025
    risk 0.00 | cvss | epss 0.00

    A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions.

  • CVE-2025-55115 | Sep 16, 2025
    risk 0.00 | cvss | epss 0.00

    A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions.…

  • CVE-2025-55113 | Sep 16, 2025
    risk 0.00 | cvss | epss 0.00

    If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions; non-default but configurable using the JAVA_AR setting in newer versions),…

  • CVE-2025-55112 | Sep 16, 2025
    risk 0.00 | cvss | epss 0.00

    Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 (and potentially earlier unsupported versions) that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt…

  • CVE-2025-55111 | Sep 16, 2025
    risk 0.00 | cvss | epss 0.00

    Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These files contain keys and…

  • CVE-2025-55109 | Sep 16, 2025
    risk 0.00 | cvss | epss 0.00

    An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore or a default PKCS#12 keystore. A remote attacker with access to a signed…

  • CVE-2019-19215 | Apr 30, 2020
    risk 0.00 | cvss | epss 0.02

    A buffer overflow vulnerability in BMC Control-M/Agent 7.0.00.000 when the On-Do action destination is Mail and the Control-M/Agent is configured to send the email, allows remote attackers to have unspecified impact via vectors related to the configured IP address or SMTP server.

  • CVE-2019-19216 | Apr 30, 2020
    risk 0.00 | cvss | epss 0.01

    BMC Control-M/Agent 7.0.00.000 has an Insecure File Copy.

  • CVE-2019-19217 | Apr 30, 2020
    risk 0.00 | cvss | epss 0.02

    BMC Control-M/Agent 7.0.00.000 allows OS Command Injection.

  • CVE-2019-19218 | Apr 30, 2020
    risk 0.00 | cvss | epss 0.01

    BMC Control-M/Agent 7.0.00.000 has Insecure Password Storage.

  • CVE-2019-19219 | Apr 30, 2020
    risk 0.00 | cvss | epss 0.01

    BMC Control-M/Agent 7.0.00.000 allows Arbitrary File Download.

  • CVE-2019-19220 | Apr 30, 2020
    risk 0.00 | cvss | epss 0.02

    BMC Control-M/Agent 7.0.00.000 allows OS Command Injection (issue 2 of 2).

  • CVE-2005-3311 | Oct 26, 2005
    risk 0.00 | cvss | epss 0.00

    BMC Software Control-M 6.1.03 for Solaris, and possibly other platforms, allows local users to overwrite arbitrary files via a symlink attack on temporary files.