CVE-2016-1543
N/A
N/A
Summary
The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after an authorization failure.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.insinuator.net/2016/03/bmc-bladelogic-cve-2016-1542-and-cve-2016-1543/
- http://www.securityfocus.com/archive/1/537910/100/0/threaded
- https://www.exploit-db.com/exploits/43902/
- https://www.exploit-db.com/exploits/43939/
- http://packetstormsecurity.com/files/136462/BMC-Server-Automation-BSA-RSCD-Agent-Unauthorized-Password-Reset.html
- https://selfservice.bmc.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA214000000dBpnCAE&type=Solution
References
- https://www.insinuator.net/2016/03/bmc-bladelogic-cve-2016-1542-and-cve-2016-1543/
- http://www.securityfocus.com/archive/1/537910/100/0/threaded
- https://www.exploit-db.com/exploits/43902/
- https://www.exploit-db.com/exploits/43939/
- http://packetstormsecurity.com/files/136462/BMC-Server-Automation-BSA-RSCD-Agent-Unauthorized-Password-Reset.html
- https://selfservice.bmc.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA214000000dBpnCAE&type=Solution
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.