{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-03-28T00:00:00", "descriptions": [{"lang": "en", "value": "The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by sending an action packet to xmlrpc after an authorization failure."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/136461/BMC-Server-Automation-BSA-RSCD-Agent-User-Enumeration.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.insinuator.net/2016/03/bmc-bladelogic-cve-2016-1542-and-cve-2016-1543/"}, {"name": "20160328 BMC-2015-0010: User enumeration vulnerability in BMC Server Automation (BSA) Unix/Linux RSCD Agent (CVE-2016-1542)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/537909/100/0/threaded"}, {"name": "43902", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/43902/"}, {"name": "43939", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/43939/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://selfservice.bmc.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA214000000dBpnCAE&type=Solution"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2016-1542", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by sending an action packet to xmlrpc after an authorization failure."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.com/files/136461/BMC-Server-Automation-BSA-RSCD-Agent-User-Enumeration.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/136461/BMC-Server-Automation-BSA-RSCD-Agent-User-Enumeration.html"}, {"name": "https://www.insinuator.net/2016/03/bmc-bladelogic-cve-2016-1542-and-cve-2016-1543/", "refsource": "MISC", "url": "https://www.insinuator.net/2016/03/bmc-bladelogic-cve-2016-1542-and-cve-2016-1543/"}, {"name": "20160328 BMC-2015-0010: User enumeration vulnerability in BMC Server Automation (BSA) Unix/Linux RSCD Agent (CVE-2016-1542)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/537909/100/0/threaded"}, {"name": "43902", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/43902/"}, {"name": "43939", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/43939/"}, {"name": "https://selfservice.bmc.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA214000000dBpnCAE&type=Solution", "refsource": "CONFIRM", "url": "https://selfservice.bmc.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA214000000dBpnCAE&type=Solution"}]}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-1542", "datePublished": "2016-06-13T14:00:00", "dateReserved": "2016-01-07T00:00:00", "dateUpdated": "2018-10-09T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.2.02:*:*:*:*:*:*:*", "matchCriteriaId": "16BB2B38-F0C4-4B0C-A607-C784E07DA33A", "vulnerable": true}, {"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.2.03:*:*:*:*:*:*:*", "matchCriteriaId": "939A3FFF-0462-49CF-A17B-994CD3B5E25A", "vulnerable": true}, {"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.2.04:*:*:*:*:*:*:*", "matchCriteriaId": "7280D43A-EEC3-4926-B7DB-7B85B68A4A48", "vulnerable": true}, {"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.3.00:*:*:*:*:*:*:*", "matchCriteriaId": "940DB221-9316-454E-8000-B7B8DEE082FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.3.01:*:*:*:*:*:*:*", "matchCriteriaId": "D49C7C76-DF24-46BB-8099-E98576255D7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.3.02:*:*:*:*:*:*:*", "matchCriteriaId": "FACA49B3-0C77-4766-B81A-A5E4920BC113", "vulnerable": true}, {"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.3.03:*:*:*:*:*:*:*", "matchCriteriaId": "F74C0A94-C228-4833-B510-4EEBD790FA77", "vulnerable": true}, {"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.5.00:*:*:*:*:*:*:*", "matchCriteriaId": "53191EC8-AE1C-485A-AB9A-B7D8F8543972", "vulnerable": true}, {"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.5.01:*:*:*:*:*:*:*", "matchCriteriaId": "065FEBE7-EC1E-4A6B-90C8-F204F24423C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.6.00:*:*:*:*:*:*:*", "matchCriteriaId": "BEC5DCDE-E88D-4A7E-A8BA-A042101BD1A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.7.00:*:*:*:*:*:*:*", "matchCriteriaId": "241D439C-247B-4F3F-B8FD-45254BD84A74", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by sending an action packet to xmlrpc after an authorization failure."}, {"lang": "es", "value": "El agente RPC API en RSCD en BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x y 8.7.x en Linux y UNIX permite a atacantes remotos eludir la autorizaci\u00f3n y enumerar usuarios mandando un paquete de acci\u00f3n a xmlrpc despu\u00e9s de un fallo de autorizaci\u00f3n."}], "id": "CVE-2016-1542", "lastModified": "2018-10-09T19:59:12.130", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-06-13T14:59:00.150", "references": [{"source": "cret@cert.org", "url": "http://packetstormsecurity.com/files/136461/BMC-Server-Automation-BSA-RSCD-Agent-User-Enumeration.html"}, {"source": "cret@cert.org", "url": "http://www.securityfocus.com/archive/1/537909/100/0/threaded"}, {"source": "cret@cert.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://selfservice.bmc.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA214000000dBpnCAE&type=Solution"}, {"source": "cret@cert.org", "url": "https://www.exploit-db.com/exploits/43902/"}, {"source": "cret@cert.org", "url": "https://www.exploit-db.com/exploits/43939/"}, {"source": "cret@cert.org", "url": "https://www.insinuator.net/2016/03/bmc-bladelogic-cve-2016-1542-and-cve-2016-1543/"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}