CVE-2016-1543

Published Jun 13, 2016

Last updated 6 years ago

Overview

Description: The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after an authorization failure.
Source: cret@cert.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-284

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.2.02:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16BB2B38-F0C4-4B0C-A607-C784E07DA33A"
          },
          {
            "criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.2.03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "939A3FFF-0462-49CF-A17B-994CD3B5E25A"
          },
          {
            "criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.2.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7280D43A-EEC3-4926-B7DB-7B85B68A4A48"
          },
          {
            "criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.3.00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "940DB221-9316-454E-8000-B7B8DEE082FC"
          },
          {
            "criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.3.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D49C7C76-DF24-46BB-8099-E98576255D7D"
          },
          {
            "criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.3.02:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FACA49B3-0C77-4766-B81A-A5E4920BC113"
          },
          {
            "criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.3.03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F74C0A94-C228-4833-B510-4EEBD790FA77"
          },
          {
            "criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.5.00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53191EC8-AE1C-485A-AB9A-B7D8F8543972"
          },
          {
            "criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.5.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "065FEBE7-EC1E-4A6B-90C8-F204F24423C5"
          },
          {
            "criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.6.00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BEC5DCDE-E88D-4A7E-A8BA-A042101BD1A8"
          },
          {
            "criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.7.00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "241D439C-247B-4F3F-B8FD-45254BD84A74"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Configurations

References