admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-12-14 09:33:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2016/CVE-2016-15xx/CVE-2016-1542.json

176 lines
6.0 KiB
JSON
Raw Normal View History

bootstrap
2023-04-24 12:24:31 +02:00
{
"id": "CVE-2016-1542",
"sourceIdentifier": "cret@cert.org",
"published": "2016-06-13T14:59:00.150",
"lastModified": "2018-10-09T19:59:12.130",
"vulnStatus": "Modified",
Auto-Update: 2024-07-14T02:00:17.787041+00:00
2024-07-14 02:06:08 +00:00
"cveTags": [],
bootstrap
2023-04-24 12:24:31 +02:00
"descriptions": [
{
"lang": "en",
"value": "The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by sending an action packet to xmlrpc after an authorization failure."
},
{
"lang": "es",
"value": "El agente RPC API en RSCD en BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x y 8.7.x en Linux y UNIX permite a atacantes remotos eludir la autorizaci\u00f3n y enumerar usuarios mandando un paquete de acci\u00f3n a xmlrpc despu\u00e9s de un fallo de autorizaci\u00f3n."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": true,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "16BB2B38-F0C4-4B0C-A607-C784E07DA33A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "939A3FFF-0462-49CF-A17B-994CD3B5E25A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.2.04:*:*:*:*:*:*:*",
"matchCriteriaId": "7280D43A-EEC3-4926-B7DB-7B85B68A4A48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.3.00:*:*:*:*:*:*:*",
"matchCriteriaId": "940DB221-9316-454E-8000-B7B8DEE082FC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D49C7C76-DF24-46BB-8099-E98576255D7D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.3.02:*:*:*:*:*:*:*",
"matchCriteriaId": "FACA49B3-0C77-4766-B81A-A5E4920BC113"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.3.03:*:*:*:*:*:*:*",
"matchCriteriaId": "F74C0A94-C228-4833-B510-4EEBD790FA77"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.5.00:*:*:*:*:*:*:*",
"matchCriteriaId": "53191EC8-AE1C-485A-AB9A-B7D8F8543972"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "065FEBE7-EC1E-4A6B-90C8-F204F24423C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.6.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC5DCDE-E88D-4A7E-A8BA-A042101BD1A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.7.00:*:*:*:*:*:*:*",
"matchCriteriaId": "241D439C-247B-4F3F-B8FD-45254BD84A74"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/136461/BMC-Server-Automation-BSA-RSCD-Agent-User-Enumeration.html",
"source": "cret@cert.org"
},
{
"url": "http://www.securityfocus.com/archive/1/537909/100/0/threaded",
"source": "cret@cert.org"
},
{
"url": "https://selfservice.bmc.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA214000000dBpnCAE&type=Solution",
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.exploit-db.com/exploits/43902/",
"source": "cret@cert.org"
},
{
"url": "https://www.exploit-db.com/exploits/43939/",
"source": "cret@cert.org"
},
{
"url": "https://www.insinuator.net/2016/03/bmc-bladelogic-cve-2016-1542-and-cve-2016-1543/",
"source": "cret@cert.org"
}
]
}
Reference in New Issue Copy Permalink