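This page aggregates CVE and security vulnerability information across Xceedium-related products, listing CVSS, EPSS, publication dates, and vulnerability intelligence data.
Past issues mainly concern cross-site scripting and open redirect, among others; some lead to file overwrite, and they affect scenarios involving production workloads and software deployment.
The listed data is based on public vulnerability information and security advisories, and can be used to assess past exposure and remediation priority.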
| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2015-4664 | An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands. | [email protected] | 9.8 | 51.00% | 2018-06-18 | 2024-11-21 |
| CVE-2015-4669 | The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system. | [email protected] | 7.8 | 0.25% | 2017-09-25 | 2026-05-13 |
| CVE-2015-4668 | Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter. | [email protected] | 6.1 | 4.20% | 2017-09-25 | 2026-05-13 |
| CVE-2015-4667 | Multiple hardcoded credentials in Xsuite 2.x. | [email protected] | 9.8 | 24.01% | 2017-09-25 | 2026-05-13 |
| CVE-2015-4666 | Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter. | [email protected] | 5.0 | 16.39% | 2015-08-13 | 2026-05-06 |
| CVE-2015-4665 | Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium Xsuite 2.4.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the fileName parameter. | [email protected] | 4.3 | 3.38% | 2015-08-13 | 2026-05-06 |