Version: 9.0.00 & 9.0.18
November 22, 2018
Notification of critical security issue found in Control-M/Enterprise Manager
BMC is alerting users to a critical security issue that requires immediate attention in versions 9.0.00 and 9.0.18.
An SQL injection vulnerability was identified in Control-M Self Service that allows an authenticated user to access sensitive information.
Install Control-M version 184.108.40.206, which includes CAR00188787, the specific fix for the issue.
BMC would like to thank Bartłomiej Stasiek and Maciej Grabiec for disclosing this vulnerability.
Where to get additional information
If you have any questions about the issue, contact BMC Customer Support at 800 5371813 (United States or Canada) or call your local support center.