BMC Control-M up to and including 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in 9.0.21 (and is also fixed by a patch for 9.0.20.200).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bmc control-m |