CVE-2015-4668
published 2017-09-25
CVE-2015-4668: Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a…
Priority P4 · 34 · medium · 6.1 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EXPLOIT
EPSS: 6.72% (93.1th percentile)
Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xceedium | xsuite | — | — |
| xceedium | xsuite | — | — |
CVSS provenance
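| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |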
No detection rules found.
Exploit-DB
Xceedium Xsuite - Multiple Vulnerabilities
exploitdb·2015-07-27·CVSS 9.8
CVE-2015-4669 [CRITICAL] Xceedium Xsuite - Multiple Vulnerabilities
---
See also: http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt
modzero Security Advisory:
Multiple Vulnerabilities in Xceedium Xsuite [MZ-15-02]
1. Timeline
* 2015-06-17: Vulnerabilities have been discovered
* 2015-06-19: Vendor notified via [email protected]
* 2015-06-19: CVE IDs assigned
* 2015-06-26: Public reminder sent via Twitter
* 2015-06-26: Findings updated
* 2015-07-22: Release after Xceedium did not respond within more than 15 business days
2. Summary
Vendor: Xceedium, Inc.
Products known to be affected:
* Xsuite 2.3.0
* Xsuite 2.4.3.0
* Other products and versions may be affected as well.
Severity: Overall High
Remote exploitable: remote and local
The Xsuite system controls and audits privileged user ac
Nuclei
Xsuite <=2.4.4.5 - Open Redirect
nuclei·CVSS 6.1
CVE-2015-4668 [MEDIUM] Xsuite <=2.4.4.5 - Open Redirect
Xsuite 2.4.4.5 and prior contains an open redirect vulnerability, which can allow a remote attacker to redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the redirurl parameter.
Template:

```yaml
id: CVE-2015-4668

info:
  name: Xsuite <=2.4.4.5 - Open Redirect
  author: 0x_Akoko
  severity: medium
  description: |
    Xsuite 2.4.4.5 and prior contains an open redirect vulnerability, which can allow a remote attacker to redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the redirurl parameter.
  impact: |
    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the installation of malware.
  remediation: |
    Upgrade Xsuite to a version higher tha
```
References:
* http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt
* http://www.securityfocus.com/archive/1/536058/100/0/threaded
* https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html
* https://www.exploit-db.com/exploits/37708/