CVE-2026-10540
MediumCVSS 5.6Exploitation Probability (EPSS)
Low risk0th percentile — higher than 0% of all known CVEs
Summary
Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects unsupported versions 9.0.20.x and potentially earlier unsupported versions.
Risk Assessment
The risk is that an attacker who obtains credential data can recover account passwords offline, potentially leading to unauthorized access to the system and data.
Recommendation
It is recommended to immediately upgrade to a supported version of Control-M/Enterprise Manager and implement stronger password protection mechanisms such as salting and iterative hash functions.
Original NVD description (English source)
The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentially earlier unsupported versions

