Описание
The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after an authorization failure.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:bmc:bladelogic_server_automation_console:8.2.02:*:*:*:*:*:*:*
cpe:2.3:a:bmc:bladelogic_server_automation_console:8.2.03:*:*:*:*:*:*:*
cpe:2.3:a:bmc:bladelogic_server_automation_console:8.2.04:*:*:*:*:*:*:*
cpe:2.3:a:bmc:bladelogic_server_automation_console:8.3.00:*:*:*:*:*:*:*
cpe:2.3:a:bmc:bladelogic_server_automation_console:8.3.01:*:*:*:*:*:*:*
cpe:2.3:a:bmc:bladelogic_server_automation_console:8.3.02:*:*:*:*:*:*:*
cpe:2.3:a:bmc:bladelogic_server_automation_console:8.3.03:*:*:*:*:*:*:*
cpe:2.3:a:bmc:bladelogic_server_automation_console:8.5.00:*:*:*:*:*:*:*
cpe:2.3:a:bmc:bladelogic_server_automation_console:8.5.01:*:*:*:*:*:*:*
cpe:2.3:a:bmc:bladelogic_server_automation_console:8.6.00:*:*:*:*:*:*:*
cpe:2.3:a:bmc:bladelogic_server_automation_console:8.7.00:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.73034
Высокий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-284
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after an authorization failure.
EPSS
Процентиль: 99%
0.73034
Высокий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-284