Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-1606

Опубликовано: 18 мар. 2024
Источник: nvd
CVSS3: 4.6
CVSS3: 5.4
EPSS Низкий

Описание

Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users for manipulation of generated web pages via injection of HTML code. This might lead to a successful phishing attack for example by tricking users into using a hyperlink pointing to a website controlled by an attacker.

Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.200.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:bmc:control-m:*:*:*:*:*:*:*:*
Версия от 9.0.20 (включая) до 9.0.20.238 (исключая)
cpe:2.3:a:bmc:control-m:*:*:*:*:*:*:*:*
Версия от 9.0.21 (включая) до 9.0.21.201 (исключая)

EPSS

Процентиль: 29%
0.00106
Низкий

4.6 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-80
CWE-79

Связанные уязвимости

github логотип

GHSA-fr8q-pg27-p54p

CVSS3: 4.6
github
почти 2 года назад

Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users for manipulation of generated web pages via injection of HTML code. This might lead to a successful phishing attack for example by tricking users into using a hyperlink pointing to a website controlled by an attacker. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.200.

EPSS

Процентиль: 29%
0.00106
Низкий

4.6 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-80
CWE-79