Xceedium Xsuite vulnerabilities
5 known vulnerabilities affecting xceedium/xsuite.
Total CVEs: 5
CISA KEV: 0
Public exploits: 5
Exploited in wild: 0
Severity breakdown
CRITICAL: 1, HIGH: 1, MEDIUM: 3
Vulnerabilities
CVE-2015-4664 | CRITICAL | CVSS 9.8 | CWE-20 | PoC | v2.3.0 | v2.4.3.0 | 2018-06-18
An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.
nvd
CVE-2015-4669 | HIGH | CVSS 7.8 | CWE-89 | PoC | v2.3.0 | v2.4.3.0 | 2017-09-25
The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system.
nvd
CVE-2015-4668 | MEDIUM | CVSS 6.1 | CWE-601 | PoC | v2.3.0 | v2.4.3.0 | 2017-09-25
Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter.
nvd
CVE-2015-4665 | MEDIUM | CVSS 4.3 | CWE-79 | PoC | v2.3.0 | v2.4.3.0 | 2015-08-13
Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium Xsuite 2.4.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the fileName parameter.
nvd
CVE-2015-4666 | MEDIUM | CVSS 5.0 | CWE-22 | PoC | v2.3.0 | v2.4.3.0 | 2015-08-13
Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter.
nvd