CVE-2019-19215

A buffer overflow vulnerability in BMC Control-M/Agent 7.0.00.000 when the On-Do action destination is Mail and the Control-M/Agent is configured to send the email, allows remote attackers to have unspecified impact via vectors related to the configured IP address or SMTP server.

CVSS v3 8.8 HIGH
CVSS v2.0 6.0 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability : 6.8 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://herolab.usd.de/en/security-advisories/	Third Party Advisory
https://www.bmc.com/it-solutions/control-m.html	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:bmcsoftware:control-m\/agent:7.0.00.000:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-04-30 14:15

Updated : 2024-02-28 17:47

NVD link : CVE-2019-19215

Mitre link : CVE-2019-19215

CVE.ORG link : CVE-2019-19215

JSON object : View

Products Affected

bmcsoftware

control-m\/agent

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

{"id": "CVE-2019-19215", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2020-04-30T14:15:12.357", "references": [{"url": "https://herolab.usd.de/en/security-advisories/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.bmc.com/it-solutions/control-m.html", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability in BMC Control-M/Agent 7.0.00.000 when the On-Do action destination is Mail and the Control-M/Agent is configured to send the email, allows remote attackers to have unspecified impact via vectors related to the configured IP address or SMTP server."}, {"lang": "es", "value": "Una vulnerabilidad de desbordamiento del b\u00fafer en BMC Control-M/Agent versi\u00f3n 7.0.00.000, cuando el destino de la acci\u00f3n On-Do es Mail y el Control-M/Agent est\u00e1 configurado para enviar el correo electr\u00f3nico, permite a atacantes remotos tener un impacto no especificado por medio de vectores relacionados con la direcci\u00f3n IP configurada o el servidor SMTP."}], "lastModified": "2020-05-26T17:31:16.387", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bmcsoftware:control-m\\/agent:7.0.00.000:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3115176-D870-4570-984A-F3658B586F82"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}