Search

Find a vulnerability

Search criteria

    22 vulnerabilities found for Control-M/Agent by BMC

    CVE-2025-55108 (GCVE-0-2025-55108)

    Vulnerability from nvd – Published: 2025-11-05 09:07 – Updated: 2026-02-26 17:47
    VLAI
    Title
    BMC Control-M/Agent default configuration does not enforce SSL/TLS allowing unauthorized actions and remote code execution
    Summary
    The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write and similar unauthorized actions when mutual SSL/TLS authentication is not enabled (i.e. in the default configuration). NOTE:  * The vendor believes that this vulnerability only occurs when documented security best practices are not followed. BMC has always strongly recommended to use security best practices such as configuring SSL/TLS between Control-M Server and Agent. * The vendor notifies that Control-M/Agent is not impacted in Control-M SaaS
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    BMC Control-M/Agent Affected: 9.0.22 (semver)
    Affected: 9.0.21 (semver)
    Affected: 9.0.20 (semver)
    Affected: 9.0.19 (semver)
    Affected: 9.0.18 (semver)
    Create a notification for this product.
    Credits
    Airbus SAS - Jean-Romain Garnier - seclab@airbus.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55108",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-06T04:55:31.617902Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:16.862Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Control-M/Agent",
              "vendor": "BMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.22",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.21",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.20",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.19",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.18",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Airbus SAS - Jean-Romain Garnier - seclab@airbus.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eThe Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write and similar unauthorized actions when mutual SSL/TLS authentication is not enabled (i.e. in the default configuration).\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003e\u003cp\u003e\u003ci\u003eNOTE:\u0026nbsp;\u003c/i\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ci\u003eThe vendor believes that this vulnerability only occurs when documented security best practices are not followed. BMC has always strongly recommended to use security best practices such as configuring SSL/TLS between Control-M Server and Agent.\u003c/i\u003e\u003ci\u003e\u003cbr\u003e\u003c/i\u003e\u003c/li\u003e\u003cli\u003e\u003ci\u003eThe vendor notifies that Control-M/Agent is not impacted in Control-M SaaS\u003c/i\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write and similar unauthorized actions when mutual SSL/TLS authentication is not enabled (i.e. in the default configuration).\n\n\nNOTE:\u00a0\n\n  *  The vendor believes that this vulnerability only occurs when documented security best practices are not followed. BMC has always strongly recommended to use security best practices such as configuring SSL/TLS between Control-M Server and Agent.\n\n  *  The vendor notifies that Control-M/Agent is not impacted in Control-M SaaS"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9.5,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-18T12:33:27.896Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099"
            },
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441962"
            },
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442271"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BMC Control-M/Agent default configuration does not enforce SSL/TLS allowing unauthorized actions and remote code execution",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2025-55108",
        "datePublished": "2025-11-05T09:07:29.915Z",
        "dateReserved": "2025-08-07T07:23:59.124Z",
        "dateUpdated": "2026-02-26T17:47:16.862Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55118 (GCVE-0-2025-55118)

    Vulnerability from nvd – Published: 2025-09-16 12:23 – Updated: 2025-11-18 12:32
    VLAI
    Title
    BMC Control-M/Agent memory corruption in SSL/TLS communication
    Summary
    Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n"; * Control-M/Agent 9.0.21 and 9.0.22: Agent router configuration uses the non-default settings "JAVA_AR=N" and "use_openssl=n"
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    • CWE-125 - Out-of-bounds Read
    • CWE-787 - Out-of-bounds Write
    • CWE-191 - Integer Underflow (Wrap or Wraparound)
    • CWE-665 - Improper Initialization
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    • CWE-415 - Double Free
    • CWE-416 - Use After Free
    Assigner
    Impacted products
    Vendor Product Version
    BMC Control-M/Agent Affected: 9.0.22.000 (semver)
    Affected: 9.0.21 (semver)
    Affected: 9.0.20 (semver)
    Affected: 9.0.19 (semver)
    Affected: 9.0.18 (semver)
    Create a notification for this product.
    Credits
    Airbus SAS - Jean-Romain Garnier - seclab@airbus.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55118",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-16T13:16:52.586669Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-16T13:18:14.096Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Control-M/Agent",
              "vendor": "BMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.22.000",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.21",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.20",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.19",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.18",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Airbus SAS - Jean-Romain Garnier - seclab@airbus.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eMemory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThe issue occurs in the following cases:\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003eControl-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting \"use_openssl=n\";\u003c/li\u003e\u003cli\u003eControl-M/Agent 9.0.21 and 9.0.22: Agent router configuration uses the non-default settings \"JAVA_AR=N\" and \"use_openssl=n\"\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured.\n\n\nThe issue occurs in the following cases:\n\n  *  Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting \"use_openssl=n\";\n  *  Control-M/Agent 9.0.21 and 9.0.22: Agent router configuration uses the non-default settings \"JAVA_AR=N\" and \"use_openssl=n\""
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-665",
                  "description": "CWE-665 Improper Initialization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-415",
                  "description": "CWE-415 Double Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-18T12:32:45.651Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099"
            },
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441972"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BMC Control-M/Agent memory corruption in SSL/TLS communication",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2025-55118",
        "datePublished": "2025-09-16T12:23:39.683Z",
        "dateReserved": "2025-08-07T07:24:22.470Z",
        "dateUpdated": "2025-11-18T12:32:45.651Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55117 (GCVE-0-2025-55117)

    Vulnerability from nvd – Published: 2025-09-16 12:22 – Updated: 2025-09-16 13:18
    VLAI
    Title
    BMC Control-M/Agent buffer overflow in SSL/TLS communication
    Summary
    A stack-based buffer overflow can be remotely triggered when formatting an error message in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n"; * Control-M/Agent 9.0.21 and 9.0.22: Agent router configuration uses the non-default settings "JAVA_AR=N" and "use_openssl=n".
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    BMC Control-M/Agent Affected: 9.0.22.000 (semver)
    Affected: 9.0.21 (semver)
    Affected: 9.0.20 (semver)
    Affected: 9.0.19 (semver)
    Affected: 9.0.18 (semver)
    Create a notification for this product.
    Credits
    Airbus SAS - Jean-Romain Garnier - seclab@airbus.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55117",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-16T13:17:00.659377Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-16T13:18:02.597Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Control-M/Agent",
              "vendor": "BMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.22.000",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.21",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.20",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.19",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.18",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Airbus SAS - Jean-Romain Garnier - seclab@airbus.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eA stack-based buffer overflow can be remotely triggered when formatting an error message in the Control-M/Agent when SSL/TLS communication is configured.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThe issue occurs in the following cases:\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003eControl-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting \"use_openssl=n\";\u003c/li\u003e\u003cli\u003eControl-M/Agent 9.0.21 and 9.0.22: Agent router configuration uses the non-default settings \"JAVA_AR=N\" and \"use_openssl=n\".\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "A stack-based buffer overflow can be remotely triggered when formatting an error message in the Control-M/Agent when SSL/TLS communication is configured.\n\n\nThe issue occurs in the following cases:\n\n  *  Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting \"use_openssl=n\";\n  *  Control-M/Agent 9.0.21 and 9.0.22: Agent router configuration uses the non-default settings \"JAVA_AR=N\" and \"use_openssl=n\"."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-16T12:22:58.166Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099"
            },
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441972"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BMC Control-M/Agent buffer overflow in SSL/TLS communication",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2025-55117",
        "datePublished": "2025-09-16T12:22:58.166Z",
        "dateReserved": "2025-08-07T07:24:22.470Z",
        "dateUpdated": "2025-09-16T13:18:02.597Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-55116 (GCVE-0-2025-55116)

    Vulnerability from nvd – Published: 2025-09-16 12:22 – Updated: 2026-02-26 17:48
    VLAI
    Title
    BMC Control-M/Agent buffer overflow local privilege escalation
    Summary
    A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    BMC Control-M/Agent Unaffected: 9.0.21 (semver)
    Unaffected: 9.0.20.100 (semver)
    Affected: 9.0.20 (semver)
    Affected: 9.0.19 (semver)
    Affected: 9.0.18 (semver)
    Create a notification for this product.
    Credits
    Airbus SAS - Jean-Romain Garnier - seclab@airbus.com Airbus SAS - Mathieu Baudon - seclab@airbus.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55116",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-17T03:55:51.769560Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:48:31.380Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Control-M/Agent",
              "vendor": "BMC",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "9.0.21",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "9.0.20.100",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.20",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.19",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.18",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Airbus SAS - Jean-Romain Garnier - seclab@airbus.com"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Airbus SAS - Mathieu Baudon - seclab@airbus.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eA buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent.\u003c/div\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions.\u003c/span\u003e\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent.\n\nThis vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-16T12:22:23.865Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099"
            },
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441969"
            }
          ],
          "source": {
            "defect": [
              "CTM-4553"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "BMC Control-M/Agent buffer overflow local privilege escalation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2025-55116",
        "datePublished": "2025-09-16T12:22:23.865Z",
        "dateReserved": "2025-08-07T07:24:22.470Z",
        "dateUpdated": "2026-02-26T17:48:31.380Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55115 (GCVE-0-2025-55115)

    Vulnerability from nvd – Published: 2025-09-16 12:21 – Updated: 2026-02-26 17:48
    VLAI
    Title
    BMC Control-M/Agent path traversal local privilege escalation
    Summary
    A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. This vulnerability was fixed in 9.0.20.100 and above.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    Impacted products
    Vendor Product Version
    BMC Control-M/Agent Unaffected: 9.0.21 (semver)
    Unaffected: 9.0.20.100 (semver)
    Affected: 9.0.20 (semver)
    Affected: 9.0.19 (semver)
    Affected: 9.0.18 (semver)
    Create a notification for this product.
    Credits
    Airbus SAS - Jean-Romain Garnier - seclab@airbus.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55115",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-17T03:55:52.566677Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:48:31.720Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Control-M/Agent",
              "vendor": "BMC",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "9.0.21",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "9.0.20.100",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.20",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.19",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.18",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Airbus SAS - Jean-Romain Garnier - seclab@airbus.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. This vulnerability was fixed in 9.0.20.100 and above.\u003cu\u003e\u003c/u\u003e\u003cu\u003e\u003c/u\u003e\u003c/p\u003e"
                }
              ],
              "value": "A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. This vulnerability was fixed in 9.0.20.100 and above."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23 Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-16T12:21:51.089Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099"
            },
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441969"
            }
          ],
          "source": {
            "defect": [
              "CTM-5157"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "BMC Control-M/Agent path traversal local privilege escalation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2025-55115",
        "datePublished": "2025-09-16T12:21:51.089Z",
        "dateReserved": "2025-08-07T07:24:22.470Z",
        "dateUpdated": "2026-02-26T17:48:31.720Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55114 (GCVE-0-2025-55114)

    Vulnerability from nvd – Published: 2025-09-16 12:20 – Updated: 2025-09-16 13:17
    VLAI
    Title
    BMC Control-M/Agent improper IP address filtering order
    Summary
    The improper order of AUTHORIZED_CTM_IP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent to vulnerabilities in the SSL/TLS implementation under certain non-default conditions (e.g. CVE-2025-55117 or CVE-2025-55118) or potentially to resource exhaustion.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-696 - Incorrect Behavior Order
    Assigner
    Impacted products
    Vendor Product Version
    BMC Control-M/Agent Unaffected: 9.0.21 (semver)
    Affected: 9.0.20 (semver)
    Affected: 9.0.19 (semver)
    Affected: 9.0.18 (semver)
    Create a notification for this product.
    Credits
    Airbus SAS - Jean-Romain Garnier - seclab@airbus.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55114",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-16T13:17:25.002139Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-16T13:17:35.241Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Control-M/Agent",
              "vendor": "BMC",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "9.0.21",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.20",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.19",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.18",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Airbus SAS - Jean-Romain Garnier - seclab@airbus.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eThe improper order of AUTHORIZED_CTM_IP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent to vulnerabilities in the SSL/TLS implementation under certain non-default conditions (e.g. CVE-2025-55117 or CVE-2025-55118) or potentially to resource exhaustion.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "The improper order of AUTHORIZED_CTM_IP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent to vulnerabilities in the SSL/TLS implementation under certain non-default conditions (e.g. CVE-2025-55117 or CVE-2025-55118) or potentially to resource exhaustion."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-696",
                  "description": "CWE-696 Incorrect Behavior Order",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-16T12:20:30.958Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099"
            },
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441968"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BMC Control-M/Agent improper IP address filtering order",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2025-55114",
        "datePublished": "2025-09-16T12:20:30.958Z",
        "dateReserved": "2025-08-07T07:24:22.470Z",
        "dateUpdated": "2025-09-16T13:17:35.241Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-55113 (GCVE-0-2025-55113)

    Vulnerability from nvd – Published: 2025-09-16 12:20 – Updated: 2026-02-26 17:48
    VLAI
    Title
    BMC Control-M/Agent unescaped NULL byte in access control list checks
    Summary
    If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions; non-default but configurable using the JAVA_AR setting in newer versions), the verification stops at the first NULL byte encountered in the email address referenced in the client certificate. An attacker could bypass configured ACLs by using a specially crafted certificate.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-158 - Improper Neutralization of Null Byte or NUL Character
    Assigner
    Impacted products
    Vendor Product Version
    BMC Control-M/Agent Affected: 9.0.22.000 (semver)
    Affected: 9.0.21 (semver)
    Affected: 9.0.20 (semver)
    Affected: 9.0.19 (semver)
    Affected: 9.0.18 (semver)
    Create a notification for this product.
    Credits
    Airbus SAS - Jean-Romain Garnier - seclab@airbus.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55113",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-17T03:55:53.399493Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:48:31.863Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Control-M/Agent",
              "vendor": "BMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.22.000",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.21",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.20",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.19",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.18",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Airbus SAS - Jean-Romain Garnier - seclab@airbus.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eIf the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions; non-default but configurable using the JAVA_AR setting in newer versions), the verification stops at the first NULL byte encountered in the email address referenced in the client certificate. An attacker could bypass configured ACLs by using a specially crafted certificate.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions; non-default but configurable using the JAVA_AR setting in newer versions), the verification stops at the first NULL byte encountered in the email address referenced in the client certificate. An attacker could bypass configured ACLs by using a specially crafted certificate."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9.5,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-158",
                  "description": "CWE-158 Improper Neutralization of Null Byte or NUL Character",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-16T12:20:03.820Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099"
            },
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441967"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BMC Control-M/Agent unescaped NULL byte in access control list checks",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2025-55113",
        "datePublished": "2025-09-16T12:20:03.820Z",
        "dateReserved": "2025-08-07T07:24:22.470Z",
        "dateUpdated": "2026-02-26T17:48:31.863Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55112 (GCVE-0-2025-55112)

    Vulnerability from nvd – Published: 2025-09-16 12:19 – Updated: 2026-02-26 17:48
    VLAI
    Title
    BMC Control-M/Agent hardcoded Blowfish keys
    Summary
    Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 (and potentially earlier unsupported versions) that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between the Control-M/Agent and Server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-321 - Use of Hard-coded Cryptographic Key
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    Impacted products
    Vendor Product Version
    BMC Control-M/Agent Unaffected: 9.0.21 (semver)
    Affected: 9.0.20 (semver)
    Affected: 9.0.19 (semver)
    Affected: 9.0.18 (semver)
    Create a notification for this product.
    Credits
    Airbus SAS - Jean-Romain Garnier - seclab@airbus.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55112",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-17T03:55:55.095854Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:48:32.400Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Control-M/Agent",
              "vendor": "BMC",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "9.0.21",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.20",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.19",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.18",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Airbus SAS - Jean-Romain Garnier - seclab@airbus.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cp\u003eOut-of-support Control-M/Agent versions 9.0.18 to 9.0.20 (and potentially earlier unsupported versions) that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between the Control-M/Agent and Server.\u003c/p\u003e\u003c/div\u003e"
                }
              ],
              "value": "Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 (and potentially earlier unsupported versions) that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between the Control-M/Agent and Server."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "CWE-321 Use of Hard-coded Cryptographic Key",
                  "lang": "en",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-16T12:19:24.308Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099"
            },
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441966"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BMC Control-M/Agent hardcoded Blowfish keys",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2025-55112",
        "datePublished": "2025-09-16T12:19:24.308Z",
        "dateReserved": "2025-08-07T07:23:59.125Z",
        "dateUpdated": "2026-02-26T17:48:32.400Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55111 (GCVE-0-2025-55111)

    Vulnerability from nvd – Published: 2025-09-16 12:18 – Updated: 2025-09-16 18:29
    VLAI
    Title
    BMC Control-M/Agent insecure default file permissions
    Summary
    Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These files contain keys and passwords relating to SSL files, keystore and policies. An attacker with local access to the system running the Agent can access these files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    Impacted products
    Vendor Product Version
    BMC Control-M/Agent Unaffected: 9.0.21 (semver)
    Affected: 9.0.20 (semver)
    Affected: 9.0.19 (semver)
    Affected: 9.0.18 (semver)
    Create a notification for this product.
    Credits
    Airbus SAS - Jean-Romain Garnier - seclab@airbus.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55111",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-16T18:26:11.569826Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-16T18:29:31.739Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Control-M/Agent",
              "vendor": "BMC",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "9.0.21",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.20",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.19",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.18",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Airbus SAS - Jean-Romain Garnier - seclab@airbus.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cp\u003eCertain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These files contain keys and passwords relating to SSL files, keystore and policies. An attacker with local access to the system running the Agent can access these files.\u003c/p\u003e\u003c/div\u003e"
                }
              ],
              "value": "Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These files contain keys and passwords relating to SSL files, keystore and policies. An attacker with local access to the system running the Agent can access these files."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-16T12:18:22.878Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099"
            },
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441965"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BMC Control-M/Agent insecure default file permissions",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2025-55111",
        "datePublished": "2025-09-16T12:18:22.878Z",
        "dateReserved": "2025-08-07T07:23:59.125Z",
        "dateUpdated": "2025-09-16T18:29:31.739Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-55110 (GCVE-0-2025-55110)

    Vulnerability from nvd – Published: 2025-09-16 12:16 – Updated: 2025-09-16 18:29
    VLAI
    Title
    BMC Control-M/Agent hardcoded default keystore password
    Summary
    Control-M/Agents use a kdb or PKCS#12 keystore by default, and the default keystore password is well known and documented. An attacker with read access to the keystore could access sensitive data using this password.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    BMC Control-M/Agent Affected: 9.0.22 (semver)
    Affected: 9.0.21 (semver)
    Affected: 9.0.20 (semver)
    Affected: 9.0.19 (semver)
    Affected: 9.0.18 (semver)
    Create a notification for this product.
    Credits
    Airbus SAS - Jean-Romain Garnier - seclab@airbus.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55110",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-16T18:29:41.651737Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-16T18:29:54.062Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Control-M/Agent",
              "vendor": "BMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.22",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.21",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.20",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.19",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.18",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Airbus SAS - Jean-Romain Garnier - seclab@airbus.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eControl-M/Agents use a kdb or PKCS#12 keystore by default, and the default keystore password is well known and documented.\u003c/div\u003e\u003cdiv\u003eAn attacker with read access to the keystore could access sensitive data using this password.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "Control-M/Agents use a kdb or PKCS#12 keystore by default, and the default keystore password is well known and documented.\n\nAn attacker with read access to the keystore could access sensitive data using this password."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1392",
                  "description": "CWE-1392 Use of Default Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-16T12:16:57.669Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099"
            },
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441964"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BMC Control-M/Agent hardcoded default keystore password",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2025-55110",
        "datePublished": "2025-09-16T12:16:57.669Z",
        "dateReserved": "2025-08-07T07:23:59.125Z",
        "dateUpdated": "2025-09-16T18:29:54.062Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-55109 (GCVE-0-2025-55109)

    Vulnerability from nvd – Published: 2025-09-16 12:14 – Updated: 2026-02-26 17:48
    VLAI
    Title
    BMC Control-M/Agent default SSL/TLS configuration authenticated bypass
    Summary
    An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore or a default PKCS#12 keystore. A remote attacker with access to a signed third-party or demo certificate for client authentication can bypass the need for a certificate signed by the certificate authority of the organization during authentication on the Control-M/Agent. The Control-M/Agent contains hardcoded certificates which are only trusted as fallback if an empty kdb keystore is used; they are never trusted if a PKCS#12 keystore is used. All of these certificates are now expired. In addition, the Control-M/Agent default kdb and PKCS#12 keystores contain trusted third-party certificates (external recognized CAs and default self-signed demo certificates) which are trusted for client authentication.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    Impacted products
    Vendor Product Version
    BMC Control-M/Agent Unaffected: 9.0.21 (semver)
    Affected: 9.0.20 (semver)
    Affected: 9.0.19 (semver)
    Affected: 9.0.18 (semver)
    Create a notification for this product.
    Credits
    Airbus SAS - Jean-Romain Garnier - seclab@airbus.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55109",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-17T03:55:55.926080Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:48:32.752Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Control-M/Agent",
              "vendor": "BMC",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "9.0.21",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.20",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.19",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.18",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Airbus SAS - Jean-Romain Garnier - seclab@airbus.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAn authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore or a default PKCS#12 keystore. A remote attacker with access to a signed third-party or demo certificate for client authentication can bypass the need for a certificate signed by the certificate authority of the organization during authentication on the Control-M/Agent.\u003c/p\u003eThe Control-M/Agent contains hardcoded certificates which are only trusted as fallback if an empty kdb keystore is used; they are never trusted if a PKCS#12 keystore is used. All of these certificates are now expired.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eIn addition, the Control-M/Agent default kdb and PKCS#12 keystores contain trusted third-party certificates (external recognized CAs and default self-signed demo certificates) which are trusted for client authentication.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore or a default PKCS#12 keystore. A remote attacker with access to a signed third-party or demo certificate for client authentication can bypass the need for a certificate signed by the certificate authority of the organization during authentication on the Control-M/Agent.\n\nThe Control-M/Agent contains hardcoded certificates which are only trusted as fallback if an empty kdb keystore is used; they are never trusted if a PKCS#12 keystore is used. All of these certificates are now expired.\n\n\nIn addition, the Control-M/Agent default kdb and PKCS#12 keystores contain trusted third-party certificates (external recognized CAs and default self-signed demo certificates) which are trusted for client authentication."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9.5,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-16T12:14:36.357Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099"
            },
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441963"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BMC Control-M/Agent default SSL/TLS configuration authenticated bypass",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2025-55109",
        "datePublished": "2025-09-16T12:14:36.357Z",
        "dateReserved": "2025-08-07T07:23:59.125Z",
        "dateUpdated": "2026-02-26T17:48:32.752Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55108 (GCVE-0-2025-55108)

    Vulnerability from cvelistv5 – Published: 2025-11-05 09:07 – Updated: 2026-02-26 17:47
    VLAI
    Title
    BMC Control-M/Agent default configuration does not enforce SSL/TLS allowing unauthorized actions and remote code execution
    Summary
    The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write and similar unauthorized actions when mutual SSL/TLS authentication is not enabled (i.e. in the default configuration). NOTE:  * The vendor believes that this vulnerability only occurs when documented security best practices are not followed. BMC has always strongly recommended to use security best practices such as configuring SSL/TLS between Control-M Server and Agent. * The vendor notifies that Control-M/Agent is not impacted in Control-M SaaS
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    BMC Control-M/Agent Affected: 9.0.22 (semver)
    Affected: 9.0.21 (semver)
    Affected: 9.0.20 (semver)
    Affected: 9.0.19 (semver)
    Affected: 9.0.18 (semver)
    Create a notification for this product.
    Credits
    Airbus SAS - Jean-Romain Garnier - seclab@airbus.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55108",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-06T04:55:31.617902Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:16.862Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Control-M/Agent",
              "vendor": "BMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.22",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.21",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.20",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.19",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.18",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Airbus SAS - Jean-Romain Garnier - seclab@airbus.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eThe Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write and similar unauthorized actions when mutual SSL/TLS authentication is not enabled (i.e. in the default configuration).\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003e\u003cp\u003e\u003ci\u003eNOTE:\u0026nbsp;\u003c/i\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ci\u003eThe vendor believes that this vulnerability only occurs when documented security best practices are not followed. BMC has always strongly recommended to use security best practices such as configuring SSL/TLS between Control-M Server and Agent.\u003c/i\u003e\u003ci\u003e\u003cbr\u003e\u003c/i\u003e\u003c/li\u003e\u003cli\u003e\u003ci\u003eThe vendor notifies that Control-M/Agent is not impacted in Control-M SaaS\u003c/i\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write and similar unauthorized actions when mutual SSL/TLS authentication is not enabled (i.e. in the default configuration).\n\n\nNOTE:\u00a0\n\n  *  The vendor believes that this vulnerability only occurs when documented security best practices are not followed. BMC has always strongly recommended to use security best practices such as configuring SSL/TLS between Control-M Server and Agent.\n\n  *  The vendor notifies that Control-M/Agent is not impacted in Control-M SaaS"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9.5,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-18T12:33:27.896Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099"
            },
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441962"
            },
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442271"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BMC Control-M/Agent default configuration does not enforce SSL/TLS allowing unauthorized actions and remote code execution",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2025-55108",
        "datePublished": "2025-11-05T09:07:29.915Z",
        "dateReserved": "2025-08-07T07:23:59.124Z",
        "dateUpdated": "2026-02-26T17:47:16.862Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55118 (GCVE-0-2025-55118)

    Vulnerability from cvelistv5 – Published: 2025-09-16 12:23 – Updated: 2025-11-18 12:32
    VLAI
    Title
    BMC Control-M/Agent memory corruption in SSL/TLS communication
    Summary
    Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n"; * Control-M/Agent 9.0.21 and 9.0.22: Agent router configuration uses the non-default settings "JAVA_AR=N" and "use_openssl=n"
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    • CWE-125 - Out-of-bounds Read
    • CWE-787 - Out-of-bounds Write
    • CWE-191 - Integer Underflow (Wrap or Wraparound)
    • CWE-665 - Improper Initialization
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    • CWE-415 - Double Free
    • CWE-416 - Use After Free
    Assigner
    Impacted products
    Vendor Product Version
    BMC Control-M/Agent Affected: 9.0.22.000 (semver)
    Affected: 9.0.21 (semver)
    Affected: 9.0.20 (semver)
    Affected: 9.0.19 (semver)
    Affected: 9.0.18 (semver)
    Create a notification for this product.
    Credits
    Airbus SAS - Jean-Romain Garnier - seclab@airbus.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55118",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-16T13:16:52.586669Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-16T13:18:14.096Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Control-M/Agent",
              "vendor": "BMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.22.000",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.21",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.20",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.19",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.18",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Airbus SAS - Jean-Romain Garnier - seclab@airbus.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eMemory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThe issue occurs in the following cases:\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003eControl-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting \"use_openssl=n\";\u003c/li\u003e\u003cli\u003eControl-M/Agent 9.0.21 and 9.0.22: Agent router configuration uses the non-default settings \"JAVA_AR=N\" and \"use_openssl=n\"\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured.\n\n\nThe issue occurs in the following cases:\n\n  *  Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting \"use_openssl=n\";\n  *  Control-M/Agent 9.0.21 and 9.0.22: Agent router configuration uses the non-default settings \"JAVA_AR=N\" and \"use_openssl=n\""
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-665",
                  "description": "CWE-665 Improper Initialization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-415",
                  "description": "CWE-415 Double Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-18T12:32:45.651Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099"
            },
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441972"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BMC Control-M/Agent memory corruption in SSL/TLS communication",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2025-55118",
        "datePublished": "2025-09-16T12:23:39.683Z",
        "dateReserved": "2025-08-07T07:24:22.470Z",
        "dateUpdated": "2025-11-18T12:32:45.651Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55117 (GCVE-0-2025-55117)

    Vulnerability from cvelistv5 – Published: 2025-09-16 12:22 – Updated: 2025-09-16 13:18
    VLAI
    Title
    BMC Control-M/Agent buffer overflow in SSL/TLS communication
    Summary
    A stack-based buffer overflow can be remotely triggered when formatting an error message in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n"; * Control-M/Agent 9.0.21 and 9.0.22: Agent router configuration uses the non-default settings "JAVA_AR=N" and "use_openssl=n".
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    BMC Control-M/Agent Affected: 9.0.22.000 (semver)
    Affected: 9.0.21 (semver)
    Affected: 9.0.20 (semver)
    Affected: 9.0.19 (semver)
    Affected: 9.0.18 (semver)
    Create a notification for this product.
    Credits
    Airbus SAS - Jean-Romain Garnier - seclab@airbus.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55117",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-16T13:17:00.659377Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-16T13:18:02.597Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Control-M/Agent",
              "vendor": "BMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.22.000",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.21",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.20",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.19",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.18",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Airbus SAS - Jean-Romain Garnier - seclab@airbus.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eA stack-based buffer overflow can be remotely triggered when formatting an error message in the Control-M/Agent when SSL/TLS communication is configured.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThe issue occurs in the following cases:\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003eControl-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting \"use_openssl=n\";\u003c/li\u003e\u003cli\u003eControl-M/Agent 9.0.21 and 9.0.22: Agent router configuration uses the non-default settings \"JAVA_AR=N\" and \"use_openssl=n\".\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "A stack-based buffer overflow can be remotely triggered when formatting an error message in the Control-M/Agent when SSL/TLS communication is configured.\n\n\nThe issue occurs in the following cases:\n\n  *  Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting \"use_openssl=n\";\n  *  Control-M/Agent 9.0.21 and 9.0.22: Agent router configuration uses the non-default settings \"JAVA_AR=N\" and \"use_openssl=n\"."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-16T12:22:58.166Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099"
            },
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441972"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BMC Control-M/Agent buffer overflow in SSL/TLS communication",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2025-55117",
        "datePublished": "2025-09-16T12:22:58.166Z",
        "dateReserved": "2025-08-07T07:24:22.470Z",
        "dateUpdated": "2025-09-16T13:18:02.597Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-55116 (GCVE-0-2025-55116)

    Vulnerability from cvelistv5 – Published: 2025-09-16 12:22 – Updated: 2026-02-26 17:48
    VLAI
    Title
    BMC Control-M/Agent buffer overflow local privilege escalation
    Summary
    A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    BMC Control-M/Agent Unaffected: 9.0.21 (semver)
    Unaffected: 9.0.20.100 (semver)
    Affected: 9.0.20 (semver)
    Affected: 9.0.19 (semver)
    Affected: 9.0.18 (semver)
    Create a notification for this product.
    Credits
    Airbus SAS - Jean-Romain Garnier - seclab@airbus.com Airbus SAS - Mathieu Baudon - seclab@airbus.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55116",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-17T03:55:51.769560Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:48:31.380Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Control-M/Agent",
              "vendor": "BMC",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "9.0.21",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "9.0.20.100",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.20",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.19",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.18",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Airbus SAS - Jean-Romain Garnier - seclab@airbus.com"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Airbus SAS - Mathieu Baudon - seclab@airbus.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eA buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent.\u003c/div\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions.\u003c/span\u003e\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent.\n\nThis vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-16T12:22:23.865Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099"
            },
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441969"
            }
          ],
          "source": {
            "defect": [
              "CTM-4553"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "BMC Control-M/Agent buffer overflow local privilege escalation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2025-55116",
        "datePublished": "2025-09-16T12:22:23.865Z",
        "dateReserved": "2025-08-07T07:24:22.470Z",
        "dateUpdated": "2026-02-26T17:48:31.380Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55115 (GCVE-0-2025-55115)

    Vulnerability from cvelistv5 – Published: 2025-09-16 12:21 – Updated: 2026-02-26 17:48
    VLAI
    Title
    BMC Control-M/Agent path traversal local privilege escalation
    Summary
    A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. This vulnerability was fixed in 9.0.20.100 and above.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    Impacted products
    Vendor Product Version
    BMC Control-M/Agent Unaffected: 9.0.21 (semver)
    Unaffected: 9.0.20.100 (semver)
    Affected: 9.0.20 (semver)
    Affected: 9.0.19 (semver)
    Affected: 9.0.18 (semver)
    Create a notification for this product.
    Credits
    Airbus SAS - Jean-Romain Garnier - seclab@airbus.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55115",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-17T03:55:52.566677Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:48:31.720Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Control-M/Agent",
              "vendor": "BMC",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "9.0.21",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "9.0.20.100",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.20",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.19",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.18",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Airbus SAS - Jean-Romain Garnier - seclab@airbus.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. This vulnerability was fixed in 9.0.20.100 and above.\u003cu\u003e\u003c/u\u003e\u003cu\u003e\u003c/u\u003e\u003c/p\u003e"
                }
              ],
              "value": "A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. This vulnerability was fixed in 9.0.20.100 and above."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23 Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-16T12:21:51.089Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099"
            },
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441969"
            }
          ],
          "source": {
            "defect": [
              "CTM-5157"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "BMC Control-M/Agent path traversal local privilege escalation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2025-55115",
        "datePublished": "2025-09-16T12:21:51.089Z",
        "dateReserved": "2025-08-07T07:24:22.470Z",
        "dateUpdated": "2026-02-26T17:48:31.720Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55114 (GCVE-0-2025-55114)

    Vulnerability from cvelistv5 – Published: 2025-09-16 12:20 – Updated: 2025-09-16 13:17
    VLAI
    Title
    BMC Control-M/Agent improper IP address filtering order
    Summary
    The improper order of AUTHORIZED_CTM_IP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent to vulnerabilities in the SSL/TLS implementation under certain non-default conditions (e.g. CVE-2025-55117 or CVE-2025-55118) or potentially to resource exhaustion.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-696 - Incorrect Behavior Order
    Assigner
    Impacted products
    Vendor Product Version
    BMC Control-M/Agent Unaffected: 9.0.21 (semver)
    Affected: 9.0.20 (semver)
    Affected: 9.0.19 (semver)
    Affected: 9.0.18 (semver)
    Create a notification for this product.
    Credits
    Airbus SAS - Jean-Romain Garnier - seclab@airbus.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55114",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-16T13:17:25.002139Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-16T13:17:35.241Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Control-M/Agent",
              "vendor": "BMC",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "9.0.21",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.20",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.19",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.18",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Airbus SAS - Jean-Romain Garnier - seclab@airbus.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eThe improper order of AUTHORIZED_CTM_IP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent to vulnerabilities in the SSL/TLS implementation under certain non-default conditions (e.g. CVE-2025-55117 or CVE-2025-55118) or potentially to resource exhaustion.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "The improper order of AUTHORIZED_CTM_IP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent to vulnerabilities in the SSL/TLS implementation under certain non-default conditions (e.g. CVE-2025-55117 or CVE-2025-55118) or potentially to resource exhaustion."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-696",
                  "description": "CWE-696 Incorrect Behavior Order",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-16T12:20:30.958Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099"
            },
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441968"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BMC Control-M/Agent improper IP address filtering order",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2025-55114",
        "datePublished": "2025-09-16T12:20:30.958Z",
        "dateReserved": "2025-08-07T07:24:22.470Z",
        "dateUpdated": "2025-09-16T13:17:35.241Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-55113 (GCVE-0-2025-55113)

    Vulnerability from cvelistv5 – Published: 2025-09-16 12:20 – Updated: 2026-02-26 17:48
    VLAI
    Title
    BMC Control-M/Agent unescaped NULL byte in access control list checks
    Summary
    If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions; non-default but configurable using the JAVA_AR setting in newer versions), the verification stops at the first NULL byte encountered in the email address referenced in the client certificate. An attacker could bypass configured ACLs by using a specially crafted certificate.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-158 - Improper Neutralization of Null Byte or NUL Character
    Assigner
    Impacted products
    Vendor Product Version
    BMC Control-M/Agent Affected: 9.0.22.000 (semver)
    Affected: 9.0.21 (semver)
    Affected: 9.0.20 (semver)
    Affected: 9.0.19 (semver)
    Affected: 9.0.18 (semver)
    Create a notification for this product.
    Credits
    Airbus SAS - Jean-Romain Garnier - seclab@airbus.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55113",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-17T03:55:53.399493Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:48:31.863Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Control-M/Agent",
              "vendor": "BMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.22.000",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.21",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.20",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.19",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.18",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Airbus SAS - Jean-Romain Garnier - seclab@airbus.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eIf the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions; non-default but configurable using the JAVA_AR setting in newer versions), the verification stops at the first NULL byte encountered in the email address referenced in the client certificate. An attacker could bypass configured ACLs by using a specially crafted certificate.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions; non-default but configurable using the JAVA_AR setting in newer versions), the verification stops at the first NULL byte encountered in the email address referenced in the client certificate. An attacker could bypass configured ACLs by using a specially crafted certificate."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9.5,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-158",
                  "description": "CWE-158 Improper Neutralization of Null Byte or NUL Character",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-16T12:20:03.820Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099"
            },
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441967"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BMC Control-M/Agent unescaped NULL byte in access control list checks",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2025-55113",
        "datePublished": "2025-09-16T12:20:03.820Z",
        "dateReserved": "2025-08-07T07:24:22.470Z",
        "dateUpdated": "2026-02-26T17:48:31.863Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55112 (GCVE-0-2025-55112)

    Vulnerability from cvelistv5 – Published: 2025-09-16 12:19 – Updated: 2026-02-26 17:48
    VLAI
    Title
    BMC Control-M/Agent hardcoded Blowfish keys
    Summary
    Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 (and potentially earlier unsupported versions) that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between the Control-M/Agent and Server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-321 - Use of Hard-coded Cryptographic Key
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    Impacted products
    Vendor Product Version
    BMC Control-M/Agent Unaffected: 9.0.21 (semver)
    Affected: 9.0.20 (semver)
    Affected: 9.0.19 (semver)
    Affected: 9.0.18 (semver)
    Create a notification for this product.
    Credits
    Airbus SAS - Jean-Romain Garnier - seclab@airbus.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55112",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-17T03:55:55.095854Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:48:32.400Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Control-M/Agent",
              "vendor": "BMC",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "9.0.21",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.20",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.19",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.18",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Airbus SAS - Jean-Romain Garnier - seclab@airbus.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cp\u003eOut-of-support Control-M/Agent versions 9.0.18 to 9.0.20 (and potentially earlier unsupported versions) that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between the Control-M/Agent and Server.\u003c/p\u003e\u003c/div\u003e"
                }
              ],
              "value": "Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 (and potentially earlier unsupported versions) that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between the Control-M/Agent and Server."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "CWE-321 Use of Hard-coded Cryptographic Key",
                  "lang": "en",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-16T12:19:24.308Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099"
            },
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441966"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BMC Control-M/Agent hardcoded Blowfish keys",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2025-55112",
        "datePublished": "2025-09-16T12:19:24.308Z",
        "dateReserved": "2025-08-07T07:23:59.125Z",
        "dateUpdated": "2026-02-26T17:48:32.400Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55111 (GCVE-0-2025-55111)

    Vulnerability from cvelistv5 – Published: 2025-09-16 12:18 – Updated: 2025-09-16 18:29
    VLAI
    Title
    BMC Control-M/Agent insecure default file permissions
    Summary
    Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These files contain keys and passwords relating to SSL files, keystore and policies. An attacker with local access to the system running the Agent can access these files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    Impacted products
    Vendor Product Version
    BMC Control-M/Agent Unaffected: 9.0.21 (semver)
    Affected: 9.0.20 (semver)
    Affected: 9.0.19 (semver)
    Affected: 9.0.18 (semver)
    Create a notification for this product.
    Credits
    Airbus SAS - Jean-Romain Garnier - seclab@airbus.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55111",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-16T18:26:11.569826Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-16T18:29:31.739Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Control-M/Agent",
              "vendor": "BMC",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "9.0.21",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.20",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.19",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.18",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Airbus SAS - Jean-Romain Garnier - seclab@airbus.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cp\u003eCertain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These files contain keys and passwords relating to SSL files, keystore and policies. An attacker with local access to the system running the Agent can access these files.\u003c/p\u003e\u003c/div\u003e"
                }
              ],
              "value": "Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These files contain keys and passwords relating to SSL files, keystore and policies. An attacker with local access to the system running the Agent can access these files."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-16T12:18:22.878Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099"
            },
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441965"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BMC Control-M/Agent insecure default file permissions",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2025-55111",
        "datePublished": "2025-09-16T12:18:22.878Z",
        "dateReserved": "2025-08-07T07:23:59.125Z",
        "dateUpdated": "2025-09-16T18:29:31.739Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-55110 (GCVE-0-2025-55110)

    Vulnerability from cvelistv5 – Published: 2025-09-16 12:16 – Updated: 2025-09-16 18:29
    VLAI
    Title
    BMC Control-M/Agent hardcoded default keystore password
    Summary
    Control-M/Agents use a kdb or PKCS#12 keystore by default, and the default keystore password is well known and documented. An attacker with read access to the keystore could access sensitive data using this password.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    BMC Control-M/Agent Affected: 9.0.22 (semver)
    Affected: 9.0.21 (semver)
    Affected: 9.0.20 (semver)
    Affected: 9.0.19 (semver)
    Affected: 9.0.18 (semver)
    Create a notification for this product.
    Credits
    Airbus SAS - Jean-Romain Garnier - seclab@airbus.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55110",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-16T18:29:41.651737Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-16T18:29:54.062Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Control-M/Agent",
              "vendor": "BMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.22",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.21",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.20",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.19",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.18",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Airbus SAS - Jean-Romain Garnier - seclab@airbus.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eControl-M/Agents use a kdb or PKCS#12 keystore by default, and the default keystore password is well known and documented.\u003c/div\u003e\u003cdiv\u003eAn attacker with read access to the keystore could access sensitive data using this password.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "Control-M/Agents use a kdb or PKCS#12 keystore by default, and the default keystore password is well known and documented.\n\nAn attacker with read access to the keystore could access sensitive data using this password."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1392",
                  "description": "CWE-1392 Use of Default Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-16T12:16:57.669Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099"
            },
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441964"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BMC Control-M/Agent hardcoded default keystore password",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2025-55110",
        "datePublished": "2025-09-16T12:16:57.669Z",
        "dateReserved": "2025-08-07T07:23:59.125Z",
        "dateUpdated": "2025-09-16T18:29:54.062Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-55109 (GCVE-0-2025-55109)

    Vulnerability from cvelistv5 – Published: 2025-09-16 12:14 – Updated: 2026-02-26 17:48
    VLAI
    Title
    BMC Control-M/Agent default SSL/TLS configuration authenticated bypass
    Summary
    An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore or a default PKCS#12 keystore. A remote attacker with access to a signed third-party or demo certificate for client authentication can bypass the need for a certificate signed by the certificate authority of the organization during authentication on the Control-M/Agent. The Control-M/Agent contains hardcoded certificates which are only trusted as fallback if an empty kdb keystore is used; they are never trusted if a PKCS#12 keystore is used. All of these certificates are now expired. In addition, the Control-M/Agent default kdb and PKCS#12 keystores contain trusted third-party certificates (external recognized CAs and default self-signed demo certificates) which are trusted for client authentication.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    Impacted products
    Vendor Product Version
    BMC Control-M/Agent Unaffected: 9.0.21 (semver)
    Affected: 9.0.20 (semver)
    Affected: 9.0.19 (semver)
    Affected: 9.0.18 (semver)
    Create a notification for this product.
    Credits
    Airbus SAS - Jean-Romain Garnier - seclab@airbus.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55109",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-17T03:55:55.926080Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:48:32.752Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Control-M/Agent",
              "vendor": "BMC",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "9.0.21",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.20",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.19",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "9.0.18",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Airbus SAS - Jean-Romain Garnier - seclab@airbus.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAn authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore or a default PKCS#12 keystore. A remote attacker with access to a signed third-party or demo certificate for client authentication can bypass the need for a certificate signed by the certificate authority of the organization during authentication on the Control-M/Agent.\u003c/p\u003eThe Control-M/Agent contains hardcoded certificates which are only trusted as fallback if an empty kdb keystore is used; they are never trusted if a PKCS#12 keystore is used. All of these certificates are now expired.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eIn addition, the Control-M/Agent default kdb and PKCS#12 keystores contain trusted third-party certificates (external recognized CAs and default self-signed demo certificates) which are trusted for client authentication.\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore or a default PKCS#12 keystore. A remote attacker with access to a signed third-party or demo certificate for client authentication can bypass the need for a certificate signed by the certificate authority of the organization during authentication on the Control-M/Agent.\n\nThe Control-M/Agent contains hardcoded certificates which are only trusted as fallback if an empty kdb keystore is used; they are never trusted if a PKCS#12 keystore is used. All of these certificates are now expired.\n\n\nIn addition, the Control-M/Agent default kdb and PKCS#12 keystores contain trusted third-party certificates (external recognized CAs and default self-signed demo certificates) which are trusted for client authentication."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9.5,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-16T12:14:36.357Z",
            "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
            "shortName": "airbus"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099"
            },
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441963"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BMC Control-M/Agent default SSL/TLS configuration authenticated bypass",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "assignerShortName": "airbus",
        "cveId": "CVE-2025-55109",
        "datePublished": "2025-09-16T12:14:36.357Z",
        "dateReserved": "2025-08-07T07:23:59.125Z",
        "dateUpdated": "2026-02-26T17:48:32.752Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }