DojoSecurity/BMC-Control-M-Unauthenticated-SQL-Injection

Releases0

Stars2

BMC Control-M Unauthenticated SQL Injection

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-39122 ↗	Jul 31, 2023Monday, 31 July 2023, 23:15	9.8 CRITICAL	—
BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in 9.0.21 (and is also fixed by a patch for 9.0.20.200).