bmc

Top products

The 15 most recently published vulnerabilities affecting bmc.

• CVE-2026-23782An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With...7.5Apr 10, 2026
• CVE-2026-23781An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these creden...9.8Apr 10, 2026
• CVE-2026-23780An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due t...8.8Apr 10, 2026
• CVE-2025-71260BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 VIEWSTATE Deserialization RCE8.8Mar 19, 2026
• CVE-2025-71259BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 Blind SSRF in externalfeed/RSS4.3Mar 19, 2026
• CVE-2025-71258BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 Blind SSRF in searchWeb4.3Mar 19, 2026
• CVE-2025-71257BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 Authentication Bypass7.3Mar 19, 2026
• CVE-2025-55108BMC Control-M/Agent default configuration does not enforce SSL/TLS allowing unauthorized actions and remote code execution10.0Nov 5, 2025
• CVE-2025-55118BMC Control-M/Agent memory corruption in SSL/TLS communication8.9Sep 16, 2025
• CVE-2025-55117BMC Control-M/Agent buffer overflow in SSL/TLS communication5.3Sep 16, 2025
• CVE-2025-55116BMC Control-M/Agent buffer overflow local privilege escalation8.8Sep 16, 2025
• CVE-2025-55115BMC Control-M/Agent path traversal local privilege escalation8.8Sep 16, 2025
• CVE-2025-55114BMC Control-M/Agent improper IP address filtering order5.3Sep 16, 2025
• CVE-2025-55113BMC Control-M/Agent unescaped NULL byte in access control list checks9.0Sep 16, 2025
• CVE-2025-55112BMC Control-M/Agent hardcoded Blowfish keys7.4Sep 16, 2025