BMC Control-M/Agent hardcoded default keystore password_CVE-2025-55110

5.7 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Control-M/Agents use a kdb or PKCS#12 keystore by default, and the default keystore password is well known and documented.

An attacker with read access to the keystore could access sensitive data using this password.

Basic Information

ID CVE-2025-55110

Source airbus

Published Sep 16, 2025 at 12:16

Affected Product

Vendor BMC

Product Control-M/Agent

Version 9.0.22

Affected Versions BMC Control-M/Agent 9.0.22
BMC Control-M/Agent 9.0.21
BMC Control-M/Agent 9.0.20
BMC Control-M/Agent 9.0.19
BMC Control-M/Agent 9.0.18

CWE Classification

CWE-1392

References

{
    "lastseen": "",
    "description": "Control-M/Agents use a kdb or PKCS#12 keystore by default, and the default keystore password is well known and documented.\n\nAn attacker with read access to the keystore could access sensitive data using this password.",
    "published": "2025-09-16T12:16:57.669Z",
    "modified": "2025-09-16T12:16:57.669Z",
    "type": "cve",
    "title": "BMC Control-M/Agent hardcoded default keystore password",
    "source": "airbus",
    "references": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099\nhttps://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441964",
    "id": "CVE-2025-55110",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1392"
    ],
    "cvelist": null,
    "sourceData": "BMC Control-M/Agent 9.0.22\nBMC Control-M/Agent 9.0.21\nBMC Control-M/Agent 9.0.20\nBMC Control-M/Agent 9.0.19\nBMC Control-M/Agent 9.0.18",
    "sourceHref": "",
    "cvss": {
        "score": 5.7,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Control-M/Agent",
    "version": "9.0.22",
    "vendor": "BMC",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}