Xsuite Security Vulnerabilities and Issues — Xsuite CVE List

Lucene search

XceediumXsuite

6 matches found

CVE•added 2017/09/25 5:29 p.m.•93 views

CVE-2015-4669

The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system.

7.8CVSS8.2AI score0.00321EPSS

CVE•added 2018/06/18 6:29 p.m.•89 views

CVE-2015-4664

An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.

9.8CVSS9.6AI score0.56539EPSS

CVE•added 2015/08/13 2:59 p.m.•82 views

CVE-2015-4666

Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter.

5CVSS9.1AI score0.23163EPSS

CVE•added 2015/08/13 2:59 p.m.•78 views

CVE-2015-4665

Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium Xsuite 2.4.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the fileName parameter.

4.3CVSS7.7AI score0.0338EPSS

CVE•added 2017/09/25 5:29 p.m.•49 views

CVE-2015-4668

Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter.

6.1CVSS7.5AI score0.04993EPSS

CVE•added 2017/09/25 5:29 p.m.•45 views

CVE-2015-4667

Multiple hardcoded credentials in Xsuite 2.x.

9.8CVSS9.4AI score0.24014EPSS