彙總 xceedium 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 跨站腳本與開放重定向 等問題,部分漏洞可能導致 檔案覆寫,並影響 生產負載與軟體部署 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2015-4664 | An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands. | [email protected] | 9.8 | 20.83% | 2018-06-18 | 2026-06-16 |
| CVE-2015-4669 | The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system. | [email protected] | 7.8 | 1.05% | 2017-09-25 | 2026-06-16 |
| CVE-2015-4668 | Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter. | [email protected] | 6.1 | 6.72% | 2017-09-25 | 2026-06-16 |
| CVE-2015-4667 | Multiple hardcoded credentials in Xsuite 2.x. | [email protected] | 9.8 | 11.12% | 2017-09-25 | 2026-06-16 |
| CVE-2015-4666 | Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter. | [email protected] | 5.0 | 16.23% | 2015-08-13 | 2026-06-16 |
| CVE-2015-4665 | Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium Xsuite 2.4.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the fileName parameter. | [email protected] | 4.3 | 3.31% | 2015-08-13 | 2026-06-16 |