BMC Control-M/Agent Hardcoded Default Keystore Password Vulnerability

Vulnerability

A vulnerability exists in BMC Control-M/Agent for UNIX and Windows, all versions up to and including 9.0.22, in agents that store their SSL/TLS key material in a KDB or PKCS#12 keystore. The keystore is protected by a hardcoded default password that is the same in every installation. Because that password is known, read access to the keystore file is all an attacker needs: no further privilege or cracking is required to open it and extract the sensitive material it holds.

Impact

Exploitation of this vulnerability leads to unauthorized access to the sensitive data stored in the keystore, which for an agent that uses SSL/TLS with Control-M/Server is the private key and certificate material protecting that channel. Since the password itself provides no protection, any keystore that was ever readable by an untrusted party (a copied backup, an exposed file share, a compromised account on the agent host) should be treated as compromised.

Remediation

To address this vulnerability, upgrade Control-M/Agents to version 9.0.21 or 9.0.22. Upgrading alone does not remove the exposure: the keystore keeps its default password until it is changed. After upgrading, identify which agents use SSL/TLS communication with Control-M/Server and handle each one as follows. For agents using a KDB keystore, deploy a PKCS#12 keystore in its place. For agents that already have a PKCS#12 keystore, check whether it still opens with the default password; if it does, change it to a strong, per-installation password and update the Control-M configuration with the new password, otherwise the agent will no longer be able to open its keystore. If the keystore may already have been read by an untrusted party, changing the password is not enough, because the key material inside it is already exposed; reissue the certificate and key as well.
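The two PKCS#12 steps above (does the keystore still open with the default password, and re-wrapping it under a new one) can be scripted with openssl. The script below is an added example, not BMC's tooling or documentation. It assumes openssl is on PATH and that the caller supplies the candidate default password(s) to test; the actual Control-M default value is not reproduced here, so the "changeit" used in the constructed demo keystore is a placeholder, not the real default. The keystore the example builds is self-signed throwaway data, constructed inline so the script runs offline.

```shell
#!/usr/bin/env bash
# Added example (not BMC's tooling): test whether a PKCS#12 keystore still
# opens with a known/default password, and re-wrap it under a new one.
# Assumptions: openssl(1) on PATH; candidate passwords supplied by caller.
set -eu
umask 077   # temp files that hold key material must not be group/world readable

# Return 0 if keystore $1 opens with password $2, 1 otherwise.
# openssl checks the PKCS#12 MAC with the password, so a wrong guess fails
# cleanly without exposing anything.
p12_opens_with() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -noout >/dev/null 2>&1
}

# Try each candidate password in turn; print the first one that works and
# return 0. Return 1 (printing nothing) if none of them opens the store.
p12_uses_known_password() {
  local store="$1" cand
  shift
  for cand in "$@"; do
    if p12_opens_with "$store" "$cand"; then
      printf '%s\n' "$cand"
      return 0
    fi
  done
  return 1
}

# Re-wrap keystore $1 (currently opened with $2) under new password $3,
# writing the result to $4. The key and chain pass through a plaintext PEM
# temp file, which is removed afterwards; run this on the agent host itself.
p12_rewrap() {
  local store="$1" old="$2" new="$3" out="$4" tmp
  tmp=$(mktemp)
  openssl pkcs12 -in "$store" -passin "pass:$old" -nodes -out "$tmp" >/dev/null 2>&1 \
    || { rm -f "$tmp"; return 1; }
  # Explicit PBE/MAC algorithms: avoid the legacy RC2/3DES defaults of old builds.
  openssl pkcs12 -export -in "$tmp" -passout "pass:$new" -out "$out" \
    -keypbe AES-256-CBC -certpbe AES-256-CBC -macalg sha256 >/dev/null 2>&1 \
    || { rm -f "$tmp"; return 1; }
  rm -f "$tmp"
}

# Build a throwaway keystore for demonstration (constructed data, not a real
# agent keystore): a self-signed cert and key wrapped under password $2.
make_test_keystore() {
  local out="$1" pw="$2" dir
  dir=$(mktemp -d)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=ctm-agent-example" -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1
  openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
    -passout "pass:$pw" -out "$out" \
    -keypbe AES-256-CBC -certpbe AES-256-CBC -macalg sha256 >/dev/null 2>&1
  rm -rf "$dir"
}

# Usage: ./p12_check.sh <keystore.p12> <candidate-password>...
# Exits 0 (and names the candidate) if the keystore opens with one of them.
if [ "$#" -ge 2 ]; then
  if pw=$(p12_uses_known_password "$@"); then
    echo "WEAK: $1 opens with candidate password '$pw'"
    exit 0
  fi
  echo "OK: $1 does not open with any supplied candidate"
  exit 1
fi
```

After re-wrapping, point the agent at the new file and update the Control-M configuration with the new password, as the remediation requires; a KDB keystore has to be converted to PKCS#12 before this check applies to it. Run the rewrap on the agent host rather than over a share, since the intermediate PEM briefly holds the unencrypted private key.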

Added: Sep 16, 2025, 3:23 PM
Updated: Sep 16, 2025, 3:23 PM

Vulnerability Rating

Custom Algorithm
spread: 5.7
impact: 2.5
exploitability: 4.9
remediation: 8.3
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.