Control M/Server
Approved changes feed: RSS · Atom
cpe:2.3:a:bmc:control-m/server:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Bmc (41db0501-28a3-55f2-9e02-2ebb9bfb3ab9) |
|---|---|
| Product | Control M/Server (582a0b96-c4c9-54a1-9f74-78deb488b0c7) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-48709 |
vulnerable | 2026-06-03 15:01:35.180823 |
BMC Control-M/Server cleartext database credentials in process lists and logs
LOW (3.8)
BMC Control-M/Server 9.0.21.300 displays cleartext database credentials in process lists and logs. An authenticated attacker with shell access could observe these credentials and use them to log in to the database server. For example, when Control-M/Server on Windows has a database connection on, it runs 'DBUStatus.exe' frequently, which then calls 'dbu_connection_details.vbs' with the username, password, database hostname, and port written in cleartext, which can be seen in event and process logs in two separate locations. Fixed in PACTV.9.0.21.307.
Published: 2025-08-07T00:00:00.000Z
Updated: 2025-12-01T21:57:06.906Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.