CVE-2019-19215

Current Description

A buffer overflow vulnerability in BMC Control-M/Agent 7.0.00.000 when the On-Do action destination is Mail and the Control-M/Agent is configured to send the email, allows remote attackers to have unspecified impact via vectors related to the configured IP address or SMTP server.

Basic Data

PublishedApril 30, 2020
Last ModifiedMay 26, 2020
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-120
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:S/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationSINGLE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score6.0
SeverityMEDIUM
Exploitability Score6.8
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationBmcsoftwareControl-m/agent7.0.00.000*******

Vulnerable Software List

VendorProductVersions
Bmcsoftware Control-m/agent 7.0.00.000

References

NameSourceURLTags
https://www.bmc.com/it-solutions/control-m.htmlMISChttps://www.bmc.com/it-solutions/control-m.htmlProduct Third Party Advisory
https://herolab.usd.de/en/security-advisories/MISChttps://herolab.usd.de/en/security-advisories/