CVE-2026-23782

Gravedad:

Pendiente de análisis

Tipo:

No Disponible / Otro tipo

Fecha de publicación:

10/04/2026

Última modificación:

10/04/2026

Descripción

*** Pendiente de traducción *** An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to unauthorized access.

Impacto

Referencias a soluciones, herramientas e información

https://docs.bmc.com/xwiki/bin/view/Control-M-Orchestration/Control-M/ctm9021/Patches/Control-M-Server-PACTV-9-0-21-308/?srid=ab0apVT3
https://www.bmc.com/support/resources/issue-defect-management.html