This vulnerability affects Control-M/Server versions 9.0.20.x to 9.0.21.200 (included) and potentially earlier unsupported versions.
No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Wed, 01 Jul 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Bmc
Bmc control-m/server |
|
| Vendors & Products |
Bmc
Bmc control-m/server |
Wed, 01 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 01 Jul 2026 08:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized commands on the affected server, potentially leading to compromise of the server. This vulnerability affects Control-M/Server versions 9.0.20.x to 9.0.21.200 (included) and potentially earlier unsupported versions. | |
| Title | Unauthenticated command injection in Control-M/Server communication command | |
| Weaknesses | CWE-305 | |
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: airbus
Published:
Updated: 2026-07-01T12:29:09.837Z
Reserved: 2026-06-01T12:16:11.016Z
Link: CVE-2026-10539
Updated: 2026-07-01T12:29:06.500Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-01T18:15:15Z