Max CVSS | 9.0 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2018-9022 | 7.5 | An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file. | 13-04-2021 - 20:24 | 18-06-2018 - 18:29 |
CVE-2018-9021 | 7.5 | An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests. | 13-04-2021 - 20:23 | 18-06-2018 - 18:29 |
CVE-2018-9029 | 7.5 | An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks. | 12-04-2021 - 13:40 | 18-06-2018 - 18:29 |
CVE-2018-9028 | 5.0 | Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking. | 12-04-2021 - 13:40 | 18-06-2018 - 18:29 |
CVE-2018-9024 | 5.0 | An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file. | 12-04-2021 - 13:40 | 18-06-2018 - 18:29 |
CVE-2018-9026 | 5.0 | A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request. | 12-04-2021 - 13:40 | 18-06-2018 - 18:29 |
CVE-2018-9025 | 5.0 | An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input. | 12-04-2021 - 13:40 | 18-06-2018 - 18:29 |
CVE-2018-9023 | 9.0 | An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script. | 12-04-2021 - 13:40 | 18-06-2018 - 18:29 |
CVE-2015-4664 | 7.5 | An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands. | 12-04-2021 - 13:40 | 18-06-2018 - 18:29 |
CVE-2015-4669 | 7.2 | The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system. | 09-10-2018 - 19:57 | 25-09-2017 - 17:29 |
CVE-2015-4668 | 5.8 | Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter. | 09-10-2018 - 19:57 | 25-09-2017 - 17:29 |
CVE-2015-4667 | 7.5 | Multiple hardcoded credentials in Xsuite 2.x. | 09-10-2018 - 19:57 | 25-09-2017 - 17:29 |
CVE-2018-9027 | 4.3 | A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link. | 10-08-2018 - 14:07 | 18-06-2018 - 18:29 |
CVE-2015-4666 | 5.0 | Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter. | 19-06-2018 - 01:29 | 13-08-2015 - 14:59 |
CVE-2015-4665 | 4.3 | Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium Xsuite 2.4.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the fileName parameter. | 19-06-2018 - 01:29 | 13-08-2015 - 14:59 |