admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-12-14 03:02:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2016/CVE-2016-15xx/CVE-2016-1542.json
cad-safe-bot 9d8babeec3 Auto-Update: 2024-07-14T02:00:17.787041+00:00
2024-07-14 02:06:08 +00:00

176 lines
6.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2016-1542",
"sourceIdentifier": "cret@cert.org",
"published": "2016-06-13T14:59:00.150",
"lastModified": "2018-10-09T19:59:12.130",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by sending an action packet to xmlrpc after an authorization failure."
},
{
"lang": "es",
"value": "El agente RPC API en RSCD en BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x y 8.7.x en Linux y UNIX permite a atacantes remotos eludir la autorizaci\u00f3n y enumerar usuarios mandando un paquete de acci\u00f3n a xmlrpc despu\u00e9s de un fallo de autorizaci\u00f3n."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": true,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "16BB2B38-F0C4-4B0C-A607-C784E07DA33A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "939A3FFF-0462-49CF-A17B-994CD3B5E25A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.2.04:*:*:*:*:*:*:*",
"matchCriteriaId": "7280D43A-EEC3-4926-B7DB-7B85B68A4A48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.3.00:*:*:*:*:*:*:*",
"matchCriteriaId": "940DB221-9316-454E-8000-B7B8DEE082FC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D49C7C76-DF24-46BB-8099-E98576255D7D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.3.02:*:*:*:*:*:*:*",
"matchCriteriaId": "FACA49B3-0C77-4766-B81A-A5E4920BC113"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.3.03:*:*:*:*:*:*:*",
"matchCriteriaId": "F74C0A94-C228-4833-B510-4EEBD790FA77"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.5.00:*:*:*:*:*:*:*",
"matchCriteriaId": "53191EC8-AE1C-485A-AB9A-B7D8F8543972"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "065FEBE7-EC1E-4A6B-90C8-F204F24423C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.6.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC5DCDE-E88D-4A7E-A8BA-A042101BD1A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bmc:bladelogic_server_automation_console:8.7.00:*:*:*:*:*:*:*",
"matchCriteriaId": "241D439C-247B-4F3F-B8FD-45254BD84A74"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/136461/BMC-Server-Automation-BSA-RSCD-Agent-User-Enumeration.html",
"source": "cret@cert.org"
},
{
"url": "http://www.securityfocus.com/archive/1/537909/100/0/threaded",
"source": "cret@cert.org"
},
{
"url": "https://selfservice.bmc.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA214000000dBpnCAE&type=Solution",
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.exploit-db.com/exploits/43902/",
"source": "cret@cert.org"
},
{
"url": "https://www.exploit-db.com/exploits/43939/",
"source": "cret@cert.org"
},
{
"url": "https://www.insinuator.net/2016/03/bmc-bladelogic-cve-2016-1542-and-cve-2016-1543/",
"source": "cret@cert.org"
}
]
}
Reference in New Issue View Git Blame Copy Permalink