cve/CVE-2024-1605.md at 71b0cee710ed54e668d68c977dc8a01eece35241

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-07 03:02:30 +00:00

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of a potentially malicious libraries, which will execute with the application's privileges. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201.

POC

Reference

No PoCs from references.

Github

https://github.com/DojoSecurity/DojoSecurity
https://github.com/NaInSec/CVE-LIST
https://github.com/afine-com/research

1002 B Raw Blame History

CVE-2024-1605

Description

POC

Reference

Github

1002 B

Raw Blame History