Xceedium: >> Xsuite >> 2.4.3.0 Security Vulnerabilities
An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.
CVSS Score
9.8
EPSS Score
0.593
Published
2018-06-18
Multiple hardcoded credentials in Xsuite 2.x.
CVSS Score
9.8
EPSS Score
0.24
Published
2017-09-25
Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter.
CVSS Score
6.1
EPSS Score
0.05
Published
2017-09-25
The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system.
CVSS Score
7.8
EPSS Score
0.003
Published
2017-09-25
Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter.
CVSS Score
5.0
EPSS Score
0.232
Published
2015-08-13
Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium Xsuite 2.4.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the fileName parameter.
CVSS Score
4.3
EPSS Score
0.034
Published
2015-08-13