CVE-2016-1542
Published Jun 13, 2016
Last updated 6 years ago
Overview
- Description
- The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by sending an action packet to xmlrpc after an authorization failure.
- Source
- cret@cert.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-20
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.2.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16BB2B38-F0C4-4B0C-A607-C784E07DA33A" }, { "criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.2.03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "939A3FFF-0462-49CF-A17B-994CD3B5E25A" }, { "criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.2.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7280D43A-EEC3-4926-B7DB-7B85B68A4A48" }, { "criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.3.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "940DB221-9316-454E-8000-B7B8DEE082FC" }, { "criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.3.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D49C7C76-DF24-46BB-8099-E98576255D7D" }, { "criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.3.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FACA49B3-0C77-4766-B81A-A5E4920BC113" }, { "criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.3.03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F74C0A94-C228-4833-B510-4EEBD790FA77" }, { "criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.5.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53191EC8-AE1C-485A-AB9A-B7D8F8543972" }, { "criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.5.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "065FEBE7-EC1E-4A6B-90C8-F204F24423C5" }, { "criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.6.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEC5DCDE-E88D-4A7E-A8BA-A042101BD1A8" }, { "criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.7.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "241D439C-247B-4F3F-B8FD-45254BD84A74" } ], "operator": "OR" } ] } ]