Password Hash Protection Vulnerability in Control-M/Enterprise Manager by BMC Software
CVE-2026-10540
5.6 MEDIUM
What is CVE-2026-10540?
The Control-M/Enterprise Manager by BMC Software exhibits insufficient security measures for safeguarding password hashes associated with user accounts. This vulnerability could enable attackers who gain access to credential data to execute offline password recovery attacks. Affected versions include the unsupported Control-M/Enterprise Manager 9.0.20.x and potentially earlier versions that do not meet current security standards.
Affected Version(s)
Control-M/Enterprise Manager 9.0.21
Control-M/Enterprise Manager 9.0.20 < 9.0.21
CVSS V4
Score: 5.6
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Jean-Romain Garnier from [Airbus Security Lab](https://airbus-seclab.github.io) - <vuln@airbus.com>
Quentin Liddell from [Airbus Security Lab](https://airbus-seclab.github.io) - <vuln@airbus.com>
