Vulnerability Details CVE-2015-4664
An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.593
EPSS Ranking 98.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/132809/Xceedium-Xsuite-Command-Injection-XSS-Traversal-Escalation.html
- http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt
- https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html
- https://www.exploit-db.com/exploits/37708/
- http://packetstormsecurity.com/files/132809/Xceedium-Xsuite-Command-Injection-XSS-Traversal-Escalation.html
- http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt
- https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html
- https://www.exploit-db.com/exploits/37708/
Products affected by CVE-2015-4664
-
cpe:2.3:a:broadcom:privileged_access_manager:2.0.0
-
cpe:2.3:a:broadcom:privileged_access_manager:2.4.4.4
-
cpe:2.3:a:xceedium:xsuite:2.3.0
-
cpe:2.3:a:xceedium:xsuite:2.4.3.0