CVE-2016-5063

MEDIUM

BMC Server Automation < 8.6 SP1 Patch 2 and < 8.7 Patch 3 - Improper Authorization via RSCD Agent

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2016-5063. PoCs published by Paul Taylor.

AI-analyzed exploit summary This exploit leverages CVE-2016-5063 to retrieve Windows system users via the BMC BladeLogic RSCD agent by sending crafted XML-RPC requests over TLS. It interacts with the agent's XML-RPC interface to extract user information without authentication.

Description

The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors.

Exploits (2)

exploitdb WORKING POC
by Paul Taylor · pythonwebappswindows
https://www.exploit-db.com/exploits/43934

This exploit leverages CVE-2016-5063 to retrieve Windows system users via the BMC BladeLogic RSCD agent by sending crafted XML-RPC requests over TLS. It interacts with the agent's XML-RPC interface to extract user information without authentication.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: BMC BladeLogic RSCD agent 8.3.00.64
No auth needed
Prerequisites: Network access to the RSCD agent (default port 4750) · TLS-enabled RSCD agent
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by Paul Taylor · pythonremotemultiple
https://www.exploit-db.com/exploits/43902

This exploit leverages CVE-2016-1543 to achieve remote code execution on BMC BladeLogic RSCD agent via XMLRPC. It establishes a TLS connection and sends crafted XMLRPC requests to execute arbitrary commands.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: BMC BladeLogic RSCD agent 8.3.00.64
No auth needed
Prerequisites: Network access to the target system · RSCD agent running on port 4750
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93948
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43934/
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43902/

Scores

CVSS v3 5.3
EPSS 0.0837
EPSS Percentile 94.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-285
Status published
Products (2)
bmc/server_automation < 8.6
bmc/server_automation < 8.7
Published May 02, 2017
Tracked Since Feb 18, 2026