CVE-2019-8352
Published 2019-05-20
Priority P268 · critical · 9.8 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 6.28% (92.7th percentile)
By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use them to execute code or escalate privileges on the network.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bmc | patrol_agent | <= 11.3.01 | — |
| msrc | microsoft_hpc_pack_2019 | — | — |
Detection & IOCs (extracted from sources)
bytes: 0x396fb74a (4-byte magic header)
- Detect exploit traffic by matching the 4-byte magic value 0x396fb74a at the start of TCP payloads on ports 11002/11004/11006 (IBM WAS DMGR mesh ports), followed by a Java serialized object stream.
- Alert on SSLv3 negotiation to IBM WAS DMGR ports (11002, 11004, 11006, etc.), as the exploit defaults to SSLv3 with cipher ALL and CLIENT_ONCE verify mode.
- Monitor for Java deserialization of com.ibm.son.mesh.* classes (Message, BcastFloodMsg, TcpNodeMessage) arriving over the network, which are the serialized payload classes used by the exploit.
- Note a mandatory ~2-minute gap between exploit attempts due to a neighbor reset requirement; repeated connection attempts to DMGR mesh ports spaced ~2 minutes apart may indicate exploitation.
- The exploit targets IBM WAS DMGR mesh ports; the default RPORT is 11006 but the module notes 11002, 11004, 11006, etc. are all valid targets, so detection rules should cover the full port range.
- The exploit requires SSL/TLS to be enabled (default true) and uses SSLv3 by default; environments that have disabled SSLv3 may not be reachable via this specific exploit path.
- The module is Windows-only (Platform: win); Linux/Unix WAS DMGR deployments are not targeted by this specific exploit module.
- CVE-2019-8352 is attributed in NVD to BMC PATROL Agent static encryption key weakness, but the Exploit-DB entry references IBM WebSphere Application Server Network Deployment deserialization; verify the correct product scope before applying detections.
CVSS provenance
nvd · v3.1 · 9.8 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_msrc · 9.8 · CRITICAL
GHSA
GHSA-w8vq-fjr4-4h8v: By default, BMC PATROL Agent through 11
ghsa_unreviewed·2022-05-24
CVE-2019-8352 [CRITICAL] CWE-798 GHSA-w8vq-fjr4-4h8v: By default, BMC PATROL Agent through 11
Microsoft
Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability
vendor_msrc·2025-09-09·CVSS 9.8
CVE-2025-55232 [CRITICAL] CWE-502 Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability
Description: Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an unauthorized attacker to execute code over a network.
FAQ: What do customers need to do to mitigate this vulnerability?
If you are currently using HPC Pack 2019 Update 2, you need to upgrade to HPC Pack 2019 Update 3 (Build 6.3.8328) and then apply the QFE patch (Build 6.3.8352).
If you are currently using HPC Pack 2016, you must migrate to 2019 to receive a fix, as there is no in-place update from 2016 to 2019.
FAQ: How could an attacker exploit the vulnerability?
An attacker who successfully exploits this vulnerability could achieve remote code execution without user interaction.