
CVE-2024-1605

nvd nist
Published: Mar 18, 2024
Modified: Mar 6, 2025

Score: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

BMC Control-M branches 9.0.20 and 9.0.21, upon user login, load all Dynamic Link Libraries (DLLs) from a directory that grants Write and Read permissions to all users. Exploiting this leads to the loading of potentially malicious libraries, which will execute with the application's privileges. The fix for the 9.0.20 branch was released in version 9.0.20.238. The fix for the 9.0.21 branch was released in version 9.0.21.201.

Affected (2)

Products: Bmc: Control M
1 product
Control M
Configuration A
2 vulnerable
Vulnerable Software: Bmc
Affected Versions:
From 9.0.20 to 9.0.20.238
From 9.0.21 to 9.0.21.201

References (6)

Source: cvd@cert.pl
Third Party Advisory
Source: cvd@cert.pl
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Product
