[et_pb_section fb_built=\"1\" _builder_version=\"4.9.4\" _module_preset=\"default\" background_color=\"#2E353D\" custom_padding=\"||0px|||\"][et_pb_row _builder_version=\"4.9.4\" _module_preset=\"default\"][et_pb_column type=\"4_4\" _builder_version=\"4.9.4\" _module_preset=\"default\"][et_pb_text _builder_version=\"4.9.4\" _module_preset=\"cc5ac6f4-ebbd-4b3f-bc92-4dfc1f15fe2c\" hover_enabled=\"0\" sticky_enabled=\"0\"]<\/p>\n
<\/span> * We consider the vulnerability to be of conditional severity as the vendor explicitly recommends to use TLS and the attacks only work when TLS is disabled. Nevertheless, as we encountered real-life configurations without TLS, we would like to highlight the increased criticality in case of a customer misconfiguration.<\/span><\/p>\n <\/p>\n An Insecure Password Storage vulnerability was found in the communication between Control-M\/Agent and Control-M\/Server when using the TCP protocol and handling output with an unsupported action.<\/span><\/p>\n <\/span><\/p>\n Apply more restrictive file permissions to files that store sensitive information.<\/span><\/p>\n This security vulnerability was found by Tobias Neitzel of usd AG.<\/span><\/p>\n<\/div>\n<\/div>\n [\/et_pb_text][et_pb_text _builder_version=\"4.9.4\" _module_preset=\"cc5ac6f4-ebbd-4b3f-bc92-4dfc1f15fe2c\"][\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":" usd-2019-0066 | Control-M\/Agent Advisory ID: usd-2019-0066CVE Number: CVE-2019-19218Affected Product: Control-M\/AgentAffected Version: 7.0.00.000 Vulnerability Type: Insecure Password StorageSecurity Risk: Conditional*Vendor URL: https:\/\/www.bmcsoftware.de\/Vendor Status: Fixed (according to vendor) * We consider the vulnerability to be of conditional severity as the vendor explicitly recommends to use TLS and the attacks only work when TLS is disabled. Nevertheless, as […]<\/p>\n","protected":false},"author":96,"featured_media":0,"parent":16124,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"class_list":["post-16645","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16645","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/comments?post=16645"}],"version-history":[{"count":0,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16645\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16124"}],"wp:attachment":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/media?parent=16645"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Advisory ID<\/strong>: usd-2019-0066<\/span>
CVE Number<\/strong>: CVE-2019-19218<\/span>
Affected Product<\/strong>: Control-M\/Agent<\/span>
Affected Version<\/strong>: 7.0.00.000 <\/span>
Vulnerability Type<\/strong>: Insecure Password Storage<\/span>
Security Risk<\/strong>: Conditional*<\/span>
Vendor URL<\/strong>: https:\/\/www.bmcsoftware.de\/<\/a><\/span>
Vendor Status<\/strong>: Fixed (according to vendor)<\/span><\/p>\nDescription<\/h3>\n
Fix<\/h3>\n
<\/h3>\n
Timeline<\/h3>\n
\n
<\/h3>\n
Credits<\/h3>\n