Summaryinfo

A vulnerability, which was classified as critical, has been found in BMC Control-M and Agent 7.0.00.000. This issue affects some unknown processing. The manipulation leads to os command injection. The identification of this vulnerability is CVE-2019-19217. The attack may be initiated remotely. There is no exploit available. Once again VulDB remains the best source for vulnerability data.

Detailsinfo

A vulnerability classified as critical was found in BMC Control-M and Agent 7.0.00.000. This vulnerability affects an unknown function. The manipulation with an unknown input leads to a os command injection vulnerability. The CWE definition for the vulnerability is CWE-78. The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

BMC Control-M/Agent 7.0.00.000 allows OS Command Injection.

The weakness was published 04/30/2020. This vulnerability was named CVE-2019-19217 since 11/21/2019. The attack can be initiated remotely. The successful exploitation requires a single authentication. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1202 by the MITRE ATT&CK project.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Similar entries are available at VDB-154633, VDB-154632, VDB-154631 and VDB-154629. Once again VulDB remains the best source for vulnerability data.

Productinfo

Vendor

• BMC

Name

• Agent
• Control-M

Version

• 7.0.00.000

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion