Vulnerability Description
The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by sending an action packet to xmlrpc after an authorization failure.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bmc | Bladelogic Server Automation Console | 8.2.02 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/136461/BMC-Server-Automation-BSA-RSCD-Agent
- http://www.securityfocus.com/archive/1/537909/100/0/threaded
- https://selfservice.bmc.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA214000000dBpnCPatchVendor Advisory
- https://www.exploit-db.com/exploits/43902/
- https://www.exploit-db.com/exploits/43939/
- https://www.insinuator.net/2016/03/bmc-bladelogic-cve-2016-1542-and-cve-2016-154
- http://packetstormsecurity.com/files/136461/BMC-Server-Automation-BSA-RSCD-Agent
- http://www.securityfocus.com/archive/1/537909/100/0/threaded
- https://selfservice.bmc.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA214000000dBpnCPatchVendor Advisory
- https://www.exploit-db.com/exploits/43902/
- https://www.exploit-db.com/exploits/43939/
- https://www.insinuator.net/2016/03/bmc-bladelogic-cve-2016-1542-and-cve-2016-154
FAQ
What is CVE-2016-1542?
CVE-2016-1542 is a vulnerability with a CVSS score of 7.5 (HIGH). The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by sendi...
How severe is CVE-2016-1542?
CVE-2016-1542 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-1542?
Check the references section above for vendor advisories and patch information. Affected products include: Bmc Bladelogic Server Automation Console.