Technical Bulletin

Version: 9.0.00 & 9.0.18

November 22, 2018

Notification of critical security issue found in Control-M/Enterprise Manager

BMC is alerting users to a critical security issue that requires immediate attention in versions 9.0.00 and 9.0.18.


An SQL injection vulnerability was identified in Control-M Self Service that allows an authenticated user to access sensitive information.


Install Control-M version, which includes CAR00188787, the specific fix for the issue.


BMC would like to thank Bartłomiej Stasiek and Maciej Grabiec for disclosing this vulnerability.

Where to get additional information

If you have any questions about the issue, contact BMC Customer Support at 800 5371813 (United States or Canada) or call your local support center.

Was this page helpful? Yes No Submitting... Thank you