Vulnerabilities > Xceedium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-06-18 | CVE-2015-4664 | Improper Input Validation vulnerability in multiple products | An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands. | network | low complexity | broadcom, xceedium | CWE-20 | 7.5 |
| 2017-09-25 | CVE-2015-4669 | SQL Injection vulnerability in Xceedium Xsuite 2.3.0/2.4.3.0 | The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system. | local | low complexity | xceedium | CWE-89 | 7.2 |
| 2017-09-25 | CVE-2015-4668 | Open Redirect vulnerability in Xceedium Xsuite 2.3.0/2.4.3.0 | Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter. | network | | xceedium | CWE-601 | 5.8 |
| 2017-09-25 | CVE-2015-4667 | Use of Hard-coded Credentials vulnerability in Xceedium Xsuite 2.3.0/2.4.3.0 | Multiple hardcoded credentials in Xsuite 2.x. | network | low complexity | xceedium | CWE-798 | 7.5 |
| 2015-08-13 | CVE-2015-4666 | Path Traversal vulnerability in Xceedium Xsuite 2.3.0/2.4.3.0 | Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter. | network | low complexity | xceedium | CWE-22 | 5.0 |
| 2015-08-13 | CVE-2015-4665 | Cross-site Scripting vulnerability in Xceedium Xsuite 2.3.0/2.4.3.0 | Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium Xsuite 2.4.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the fileName parameter. | network | | xceedium | CWE-79 | 4.3 |