CVE-2016-5063

Published: 02/05/2017 Updated: 02/02/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 511
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

The RSCD agent in BMC Server Automation prior to 8.6 SP1 Patch 2, and 8.7 prior to Patch 3, on Windows might allow remote malicious users to bypass authorization checks and make an RPC call via unspecified vectors.

Vulnerable Product

bmc server automation

Exploits

BMC BladeLogic RSCD Agent version 8.3.00.64 suffers from a Windows users disclosure vulnerability ...
# Exploit Title: BMC BladeLogic RSCD agent remote exec - XMLRPC version # Filename: BMC_rexec.py # Github: github.com/bao7uo/bmc_bladelogic # Date: 2018-01-24 # Exploit Author: Paul Taylor / Foregenix Ltd # Website: www.foregenix.com/blog # Version: BMC RSCD agent 8.3.00.64 # CVE: CVE-2016-1542 (BMC-2015-0010), CVE-2016-1543 (BMC-201 ...
# Exploit Title: BMC BladeLogic RSCD agent get Windows users # Filename: BMC_winUsers.py # Github: github.com/bao7uo/bmc_bladelogic # Date: 2018-01-27 # Exploit Author: Paul Taylor / Foregenix Ltd # Website: www.foregenix.com/blog # Version: BMC RSCD agent 8.3.00.64 # CVE: CVE-2016-5063 # Vendor Advisory: docs.bmc.com/docs/Se ...

Github Repositories

BMC Bladelogic RSCD exploits including remote code execution - CVE-2016-1542, CVE-2016-1543, CVE-2016-5063

BMC Bladelogic RSCD remote exploits for Linux and Windows. Change passwords, list users and remote code execution. Exploiting vulnerabilities in BMC BladeLogic RSCD agent: CVE-2016-1542 (BMC-2015-0010), CVE-2016-1543 (BMC-2015-0011), CVE-2016-5063. Published on exploit-db: BMC_rexec.py www.exploit-db.com/exploits/43902/ BMC_winUsers.py www.exploit-db.com/exploit

My research and works about the CVE 2016-5063/1542/1543 about the RSCD agent

RSCD_CVEs: My research and works about the CVE 2016-5063/1542/1543 about the RSCD agent. You will find two different files in this repo: one that was adapted from @bao7uo, as its script was for Python 2 and the formatting was not working anymore for Python 3. It allows the attacker to get some intel about the host OS and a listing of the users of the server. This vulnerability