CVE Catalog

CVE-2026-10540

MediumCVSS 5.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.08%

0th percentile — higher than 0% of all known CVEs

Summary

Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects unsupported versions 9.0.20.x and potentially earlier unsupported versions.

Risk Assessment

The risk is that an attacker who obtains credential data can recover account passwords offline, potentially leading to unauthorized access to the system and data.

Recommendation

It is recommended to immediately upgrade to a supported version of Control-M/Enterprise Manager and implement stronger password protection mechanisms such as salting and iterative hash functions.

Original NVD description (English source)

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentially earlier unsupported versions

Vulnerability data from NVD (NIST) · CISA KEV · EPSS