CVE-2026-10540

Summary

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentially earlier unsupported versions

Affected Software

VendorProductVersion RangeStatus
BMCControl-M/Enterprise Manager9.0.21unaffected
BMCControl-M/Enterprise Manager9.0.20 < 9.0.21affected

Weaknesses

  • CWE-328: CWE-328 Use of weak hash

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References