BMC Control-M branches 9.0.20 and 9.0.21, upon user login, load all Dynamic Link Libraries (DLLs) from a directory that grants Write and Read permissions to all users. Exploiting this leads to the loading of potentially malicious libraries, which will execute with the application's privileges.
The fix for the 9.0.20 branch was released in version 9.0.20.238. The fix for the 9.0.21 branch was released in version 9.0.21.201.
MITRE
Status: PUBLISHED
Assigner: CERT-PL
Published: 2024-03-18T09:59:49.339Z
Updated: 2024-08-01T18:48:20.649Z
Reserved: 2024-02-18T21:40:58.792Z
Link: CVE-2024-1605
Vulnrichment
Updated: 2024-08-01T18:48:20.649Z
NVD
Status: Awaiting Analysis
Published: 2024-03-18T10:15:20.583
Modified: 2024-03-18T12:38:25.490
Link: CVE-2024-1605