CVE-2016-5063

🗓️ 02 May 2017 14:00:00Reported by certccType

cve🔗 web.nvd.nist.gov👁 66 Views🌐 WEB

RSCD Agent in BMC Server Automation allowing unauthorized RPC calls

Reporter	Title	Published	Views	Family All 11
0day.today	BMC BladeLogic RSCD Agent 8.3.00.64 - Windows Users Disclosure Exploit	30 Jan 201800:00	–	zdt
Tenable Nessus	BMC Server Automation RSCD Agent ACL Bypass	10 May 201600:00	–	nessus
CNVD	BMC Server Automation Authentication Bypass Vulnerability	3 Nov 201600:00	–	cnvd
Cvelist	CVE-2016-5063	2 May 201714:00	–	cvelist
Exploit DB	BMC BladeLogic RSCD Agent 8.3.00.64 - Windows Users Disclosure	30 Jan 201800:00	–	exploitdb
exploitpack	BMC BladeLogic RSCD Agent 8.3.00.64 - Windows Users Disclosure	30 Jan 201800:00	–	exploitpack
NVD	CVE-2016-5063	2 May 201714:59	–	nvd
OSV	CVE-2016-5063	2 May 201714:59	–	osv
Packet Storm	BMC BladeLogic RSCD Agent 8.3.00.64 Windows Users Disclosure	30 Jan 201800:00	–	packetstorm
Prion	Authorization	2 May 201714:59	–	prion

NVD

Node

bmc server_automationRange≤8.6sp1_patch_1

Source	Link
docs	www.docs.bmc.com/docs/display/bsa87/Notification+of+Windows+RSCD+Agent+vulnerability+in+BMC+Server+Automation+CVE-2016-5063
securityfocus	www.securityfocus.com/bid/93948
exploit-db	www.exploit-db.com/exploits/43902/
exploit-db	www.exploit-db.com/exploits/43934/

Parameter	Position	Path	Description	CWE
RemoteUser.getUserContents	request body	/xmlrpc	Exploits unauthorized RPC call to RSCD agent to retrieve Windows users.	CWE-285
typeName	request body	/xmlrpc	Exploits unauthorized RPC call to RSCD agent to retrieve Windows users.	CWE-285
host	request body	/xmlrpc	Exploits unauthorized RPC call to RSCD agent to retrieve Windows users.	CWE-285
path	request body	/xmlrpc	Exploits unauthorized RPC call to RSCD agent to retrieve Windows users.	CWE-285
container	request body	/xmlrpc	Exploits unauthorized RPC call to RSCD agent to retrieve Windows users.	CWE-285

13 May 2026 00:24Current

5.1Medium risk

Vulners AI Score5.1

CVSS 25

CVSS 35.3

EPSS0.16862