A SQL injection vulnerability in BMC Control-M prior to 9.0.20.214 allows malicious users to execute arbitrary SQL commands via the memname JSON field.
bmc control-m