CNNVD-202509-2520 Information
CNNVD ID
CNNVD-202509-2520
Related CVE
- CNNVD Published: 2025-09-16
Description (Chinese)
BMC Control-M是BMC公司的一个应用程序。简化了本地或作为服务的应用程序和数据工作流编排。 BMC Control-M 9.0.18版本至9.0.20版本及更早不受支持版本存在安全漏洞,该漏洞源于使用空或默认kdb密钥库或默认PKCS#12密钥库时存在身份验证绕过,可能导致远程攻击者绕过组织证书颁发机构签名的证书要求。
Description (English)
BMC Control-M is an application of BMC. Simplified local or service-based applications and data workflow. BMC Control-M versions 9.0.18 to 9.0.20 and earlier unsupported versions have a security loophole, which stems from the existence of an identification bypass when using either an empty or default kdb key library or a default PKCS#12 key library, which may result in a remote attacker circumventing the certificate requirement for the signature of the organizational certificate issuer.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
BMC
Published
2025-09-16
Last Modified
2026-02-24
References
https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099 https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441963 https://access.redhat.com/security/cve/cve-2025-55109
Patch
https://www.bmc.com/available/edownloads.html
Share on: