BMC Server Automation RSCD Agent Weak ACL XML-RPC Arbitrary Command Execution

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Synopsis :

The RSCD agent running on the remote host is affected by a remote
command execution vulnerability.

Description :

The RSCD agent running on the remote host does not have access
controls in place to prevent an attacker from executing XML-RPC
commands. An unauthenticated, remote attacker can exploit this to
execute arbitrary commands in the context of the user in which the
connections are mapped.

See also :

Solution :

Apply more restrictive access controls to the export file.

Risk factor :

Critical / CVSS Base Score : 10.0

Family: Misc.

Nessus Plugin ID: 90999 ()

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now