Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-4664

CWE-20Improper Input Validation4 documents4 sources
Severity
9.8CRITICAL
EPSS
51.0%
top 2.13%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Broadcom Privileged Access ManagerCA Technologies CA Privileged Access ManagerXceedium Xsuite
Timeline
PublishedJun 18
Latest updateMay 13

Description

An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

CVEListV5ca_technologies/ca_privileged_access_manager2.4.4.4 and earlier
NVDxceedium/xsuite2.3.0, 2.4.3.0+1

🔴Vulnerability Details

2
GHSA
GHSA-658r-rq3p-fwrx: An improper input validation vulnerability in CA Privileged Access Manager 22022-05-13
CVEList
CVE-2015-4664: An improper input validation vulnerability in CA Privileged Access Manager 22018-06-18

💥Exploits & PoCs

1
Exploit-DB
Xceedium Xsuite - Multiple Vulnerabilities2015-07-27
CVE-2015-4664 (CRITICAL CVSS 9.8) | An improper input validation vulner | cvebase.io