Vulnerabilities > Xceedium

DATE CVE VULNERABILITY TITLE RISK
2018-06-18 CVE-2015-4664 Improper Input Validation vulnerability in multiple products
An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.
network
low complexity
broadcom xceedium CWE-20
critical
9.8
2017-09-25 CVE-2015-4669 SQL Injection vulnerability in Xceedium Xsuite 2.3.0/2.4.3.0
The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system.
local
low complexity
xceedium CWE-89
7.8
2017-09-25 CVE-2015-4668 Open Redirect vulnerability in Xceedium Xsuite 2.3.0/2.4.3.0
Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter.
network
low complexity
xceedium CWE-601
6.1
2017-09-25 CVE-2015-4667 Use of Hard-coded Credentials vulnerability in Xceedium Xsuite 2.3.0/2.4.3.0
Multiple hardcoded credentials in Xsuite 2.x.
network
low complexity
xceedium CWE-798
critical
9.8