8 Replies Latest reply on Jan 11, 2017 4:48 AM by Santhosh Kurimilla

    91947 - BMC Server Automation RSCD Agent Weak ACL NSH Arbitrary Command Execution Vulnerability

    Ashish Vijay

      Hello We have few Linux Servers and has RSCD agent version 8.7P3 installed on them. When we ran Nessus scan on them then it gives below vulnerability on these servers.

       

      91947 - BMC Server Automation RSCD Agent Weak ACL NSH Arbitrary Command Execution

       

      For security purpose, we have nouser entry in users file and we have certificate (fingerprints) installed on target servers with encryption_and_auth entry in secure file so that only valid servers can access these servers.

       

      Can someone tell me why we are getting this vulnerability in Nessus scan report and how to resolve it.

       

      For information, We have BSA App servers Version 8.7P3 on Linux.