The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentially earlier unsupported versions
Metrics
Affected Vendors & Products
References
History
Wed, 01 Jul 2026 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Bmc
Bmc control-m/enterprise Manager |
|
| Vendors & Products |
Bmc
Bmc control-m/enterprise Manager |
Wed, 01 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 01 Jul 2026 08:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentially earlier unsupported versions | |
| Title | Weak password hash protection in Control-M/Entreprise Manager | |
| Weaknesses | CWE-328 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: airbus
Published: 2026-07-01T07:52:10.618Z
Updated: 2026-07-01T12:34:11.299Z
Reserved: 2026-06-01T12:16:12.516Z
Link: CVE-2026-10540
Updated: 2026-07-01T12:34:03.614Z
No data.
No data.