CNNVD-202509-2517 Information
CNNVD ID
CNNVD-202509-2517
Related CVE
- CNNVD Published: 2025-09-16
Description (Chinese)
BMC Control-M是BMC公司的一个应用程序。简化了本地或作为服务的应用程序和数据工作流编排。 BMC Control-M 9.0.18版本至9.0.20版本存在安全漏洞,该漏洞源于客户端证书中电子邮件地址遇到NULL字节时停止验证,可能导致绕过配置的访问控制列表。
Description (English)
BMC Control-M is an application of BMC. Simplified local or service-based applications and data workflow. BMC Control-M versions 9.0.18 to 9.0.20 have a security loophole, which arises from the fact that NULL bytes stopped when an e-mail address in the client certificate was encountered, which could result in bypassing the configured access control list.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
BMC
Published
2025-09-16
Last Modified
2026-02-24
References
https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441967 https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099 https://access.redhat.com/security/cve/cve-2025-55113
Patch
https://www.bmc.com/available/edownloads.html
Share on: