BMC Server Automation RSCD Agent Weak ACL XML-RPC Arbitrary Command Execution
Critical Nessus Plugin ID 90999
Synopsis
The RSCD agent running on the remote host is affected by a remote command execution vulnerability.
Description
The RSCD agent running on the remote host does not have access controls in place to prevent an attacker from executing XML-RPC commands. An unauthenticated, remote attacker can exploit this to execute arbitrary commands in the context of the user to which the connections are mapped.
Solution
Apply more restrictive access controls to the export file.