BMC Control-M/Agent Path Traversal Vulnerability Leading to Local Privilege Escalation

Vulnerability

A path traversal vulnerability has been identified in BMC Control-M/Agent for UNIX and Windows, specifically in versions 9.0.18 prior to 9.0.20, and potentially earlier unsupported versions. This vulnerability allows local privilege escalation when an attacker has access to the system running the Agent.

Impact

Exploitation of this vulnerability can lead to unauthorized elevation of privileges on the affected system.

Remediation

Users are advised to upgrade to Control-M/Agent version 9.0.20.100 or higher. For those on versions 9.0.20.000 and lower, BMC recommends upgrading to version 9.0.20.200, where the fix has been implemented.

Added: Sep 16, 2025, 3:11 PM
Updated: Sep 16, 2025, 3:11 PM

Vulnerability Rating

Custom Algorithm
spread: 5.7
impact: 7.5
exploitability: 3.5
remediation: 7.9
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.