
BMC — Vulnerabilities & Security Advisories (20)

Browse all 20 CVE security advisories affecting BMC. AI-powered Chinese analysis, POCs, and references for each vulnerability.

BMC Software provides enterprise IT service management and automation solutions, primarily serving large organizations for infrastructure monitoring and operational efficiency. With twenty recorded Common Vulnerabilities and Exposures (CVEs), the platform has historically been susceptible to critical security flaws, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These weaknesses often stem from insufficient input validation and improper access controls within its web interfaces and backend services. While no single catastrophic public breach has defined its recent history, the accumulation of these CVEs highlights persistent challenges in securing complex, legacy-heavy enterprise software. The company has responded with regular patches, yet the volume of disclosed issues suggests ongoing difficulties in maintaining robust security postures across its diverse product suite. This profile reflects the technical reality of its current vulnerability landscape without exaggeration or promotional language.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-55108 | BMC Control-M/Agent default configuration does not enforce SSL/TLS allowing unauthorized actions and remote code execution | Control-M/Agent | CWE-306 | 10.0 | Critical | 2025-11-05 |
| CVE-2025-55118 | BMC Control-M/Agent memory corruption in SSL/TLS communication | Control-M/Agent | CWE-122 | 8.9 | High | 2025-09-16 |
| CVE-2025-55117 | BMC Control-M/Agent buffer overflow in SSL/TLS communication | Control-M/Agent | CWE-121 | 5.3 | Medium | 2025-09-16 |
| CVE-2025-55116 | BMC Control-M/Agent buffer overflow local privilege escalation | Control-M/Agent | CWE-121 | 8.8 | High | 2025-09-16 |
| CVE-2025-55115 | BMC Control-M/Agent path traversal local privilege escalation | Control-M/Agent | CWE-23 | 8.8 | High | 2025-09-16 |
| CVE-2025-55114 | BMC Control-M/Agent improper IP address filtering order | Control-M/Agent | CWE-696 | 5.3 | Medium | 2025-09-16 |
| CVE-2025-55113 | BMC Control-M/Agent unescaped NULL byte in access control list checks | Control-M/Agent | CWE-158 | 9.0 | Critical | 2025-09-16 |
| CVE-2025-55112 | BMC Control-M/Agent hardcoded Blowfish keys | Control-M/Agent | CWE-321 | 7.4 | High | 2025-09-16 |
| CVE-2025-55111 | BMC Control-M/Agent insecure default file permissions | Control-M/Agent | CWE-276 | 5.5 | Medium | 2025-09-16 |
| CVE-2025-55110 | BMC Control-M/Agent hardcoded default keystore password | Control-M/Agent | CWE-1392 | 5.5 | Medium | 2025-09-16 |
| CVE-2025-55109 | BMC Control-M/Agent default SSL/TLS configuration authenticated bypass | Control-M/Agent | CWE-295 | 9.0 | Critical | 2025-09-16 |
| CVE-2025-48709 | BMC Control-M/Server cleartext database credentials in process lists and logs | Control-M/Server | CWE-532 | 3.8 | Low | 2025-08-07 |
| CVE-2021-35002 | BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability | Track-It! | CWE-434 | 8.8 | - | 2024-05-07 |
| CVE-2021-35001 | BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability | Track-It! | CWE-862 | 6.5 | - | 2024-05-07 |
| CVE-2024-1606 | HTML injection in BMC Control-M | Control-M | CWE-80 | 4.6 | Medium | 2024-03-18 |
| CVE-2024-1605 | DLL side-loading in BMC Control-M | Control-M | CWE-276 | 6.6 | Medium | 2024-03-18 |
| CVE-2024-1604 | Incorrect authorization in BMC Control-M | Control-M | CWE-639 | 6.4 | Medium | 2024-03-18 |
| CVE-2022-35865 | BMC Community Track-It! access control error vulnerability | Track-It! | CWE-306 | 9.8 | - | 2022-08-03 |
| CVE-2022-35864 | BMC Community Track-It! SQL injection vulnerability | Track-It! | CWE-89 | 6.5 | - | 2022-08-03 |
| CVE-2022-24047 | Track-It! authorization issue vulnerability | Track-It! | CWE-288 | 9.8 | - | 2022-02-18 |

This page lists every published CVE security advisory associated with BMC. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.