exploitDog

CVE-2025-55112

Опубликовано: 16 сент. 2025

Источник: nvd

CVSS3: 7.4

EPSS Низкий

Описание

Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 (and potentially earlier unsupported versions) that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between the Control-M/Agent and Server.

Ссылки

https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441966
Vendor Advisory
https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bmc:control-m\/agent:*:*:*:*:*:*:*:*

Версия до 9.0.20.200 (включая)

EPSS

Процентиль: 5%

0.00021

Низкий

7.4 High

CVSS3

Дефекты

CWE-321

Связанные уязвимости

GHSA-grqv-c4p4-jp68

CVSS3: 7.4

github

5 месяцев назад

Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 (and potentially earlier unsupported versions) that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between the Control-M/Agent and Server.

EPSS

Процентиль: 5%

0.00021

Низкий

7.4 High

CVSS3

Дефекты

CWE-321