Known Vulnerabilities for Control-M/Server by BMC
Listed below are 10 of the newest known vulnerabilities associated with "Control-M/Server" by "BMC".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-59762 json | When an HTTP/2 profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utili... | Not Provided | 2026-07-15 | 2026-07-15 |
| CVE-2026-59207 json | n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents feature did not enforce the All... | Not Provided | 2026-07-09 | 2026-07-09 |
| CVE-2026-59148 json | Mockoon provides way to design and run mock APIs. Prior to 9.7.0, Mockoon's admin API in commons-server/src/libs/server/admin... | Not Provided | 2026-07-09 | 2026-07-09 |
| CVE-2026-58655 json | The bundled Grav Flex Objects plugin (getgrav/grav-plugin-flex-objects) before 1.4.0 contains a stored server-side template i... | Not Provided | 2026-07-15 | 2026-07-15 |
| CVE-2026-58213 json | NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.1 and 2.12.9,... | Not Provided | 2026-07-08 | 2026-07-09 |
| CVE-2026-57850 json | RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limite... | Not Provided | 2026-07-10 | 2026-07-15 |
| CVE-2026-57527 json | Zed Attack Proxy (ZAP) ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attac... | Not Provided | 2026-06-26 | 2026-07-14 |
| CVE-2026-57521 json | Bitwarden Server before 2026.5.0 contains a broken access control vulnerability that allows any authenticated user to access ... | Not Provided | 2026-06-25 | 2026-07-14 |
| CVE-2026-57303 json | Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allow... | Not Provided | 2026-06-24 | 2026-06-24 |
| CVE-2026-57111 json | Permissive Cross-Origin Resource Sharing (CORS) in the REST API (helix-rest, org.apache.helix.rest.server.filters.CORSFilter)... | Not Provided | 2026-07-09 | 2026-07-09 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Bmc | Control-m/server | 6.4.1 |