BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass.
