An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.
CVSS: 9.8
AI Score: 9.6
EPSS: 0.01
Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium Xsuite 2.4.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the fileName parameter.
AI Score: 7.7
EPSS: 0.003
Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter.
AI Score: 9.1
EPSS: 0.012
CVSS: 9.8
AI Score: 9.4
EPSS: 0.009
Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter.
CVSS: 6.1
AI Score: 7.5
EPSS: 0.004
The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system.
CVSS: 7.8
AI Score: 8.2
EPSS: 0.0004