BMC Server Automation RSCD Agent Weak ACL XML-RPC Arbitrary Command Execution

Critical Nessus Plugin ID 90999


Synopsis

The RSCD agent running on the remote host is affected by a remote command execution vulnerability.

Description

The RSCD agent running on the remote host does not have access controls in place to prevent an attacker from executing XML-RPC commands. An unauthenticated, remote attacker can exploit this to execute arbitrary commands in the context of the user to which the connections are mapped.

Solution

Apply more restrictive access controls to the export file.

Plugin Details

Severity: Critical

ID: 90999

File Name: bmc_rscd_xml_acl_check.nasl

Version: $Revision: 1.3 $

Type: remote

Family: Misc.

Published: 2016/05/10

Modified: 2016/07/05

Dependencies: 91000

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:bmc:bladelogic_server_automation_rscd_agent

Exploited by Nessus: true