CVE-2024-1604

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Mar 18, 2024

CWE ID 863

Summary

CVE-2024-1604 is a vulnerability affecting the report management and creation module in BMC Control-M branches 9.0.20 and 9.0.21. This issue results in improper authorization, enabling logged-in users to read and manipulate reports unauthorizedly, even without the necessary permissions. The attacker requires knowledge of the report's unique identifier to exploit this vulnerability. Fixes have been released, with version 9.0.20.238 addressing the issue for branch 9.0.20, and version 9.0.21.201 handling it for branch 9.0.21.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ukYpSE
https://www.cve.org/CVERecord?id=CVE-2024-1604
https://nvd.nist.gov/vuln/detail/CVE-2024-1604

Back to Vulnerability Database

CVE-2024-1604

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations