A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized commands on the affected server, potentially leading to compromise of the server.
This vulnerability affects Control-M/Server versions 9.0.20.x to 9.0.21.200 (included) and potentially earlier unsupported versions.
Metrics
Affected Vendors & Products
References
History
Wed, 01 Jul 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Bmc
Bmc control-m/server |
|
| Vendors & Products |
Bmc
Bmc control-m/server |
Wed, 01 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 01 Jul 2026 08:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized commands on the affected server, potentially leading to compromise of the server. This vulnerability affects Control-M/Server versions 9.0.20.x to 9.0.21.200 (included) and potentially earlier unsupported versions. | |
| Title | Unauthenticated command injection in Control-M/Server communication command | |
| Weaknesses | CWE-305 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: airbus
Published:
Updated: 2026-07-01T12:29:09.837Z
Reserved: 2026-06-01T12:16:11.016Z
Link: CVE-2026-10539
Updated: 2026-07-01T12:29:06.500Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-01T18:15:15Z