CVE-2015-4668
CVSS 5.8
Published: 2017-09-25 13:29:00
Last revised: 2018-06-18 21:29:00
NMP    

[Original] Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter.


[CNNVD] CNNVD data is not yet available.



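- CVSS (Base Score)

CVSS score: 5.8 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: NETWORK [the attacker does not need internal-network or local access]
Authentication: NONE [exploitation requires no authentication]

- CWE (Weakness Category)

CWE-601 [URL Redirection to Untrusted Site ('Open Redirect')]

- CPE (Affected Platforms and Products)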

cpe:/a:xceedium:xsuite:2.3.0
cpe:/a:xceedium:xsuite:2.4.3.0

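- OVAL (Technical Details for Detection)

No related OVAL definition found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4668
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4668
(Official data source) NVD

- Other Links and Resources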

http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt
(VENDOR_ADVISORY)  MISC  http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt
http://www.securityfocus.com/archive/1/archive/1/536058/100/0/threaded
(VENDOR_ADVISORY)  BUGTRAQ  20150722 Multiple (remote and local) Vulnerabilities in Xceedium Xsuite [MZ-15-02]
https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html
(UNKNOWN)  CONFIRM  https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html
https://www.exploit-db.com/exploits/37708/
(VENDOR_ADVISORY)  EXPLOIT-DB  37708

- Vulnerability Information (F148203)

CA Privileged Access Manager 2.x Code Execution (PacketStormID:F148203)
2018-06-15 00:00:00
Ken Williams  www3.ca.com
advisory,remote,vulnerability
CVE-2015-4664,CVE-2015-4665,CVE-2015-4666,CVE-2015-4667,CVE-2015-4668,CVE-2015-4669,CVE-2018-9021,CVE-2018-9022,CVE-2018-9023,CVE-2018-9024,CVE-2018-9025,CVE-2018-9026,CVE-2018-9027,CVE-2018-9028,CVE-2018-9029

CA Technologies Support is alerting customers to multiple potential risks with CA Privileged Access Manager. Multiple vulnerabilities exist that can allow a remote attacker to conduct a variety of attacks. These risks include seven vulnerabilities privately reported within the past year to CA Technologies by security researchers, and nine vulnerabilities for Xceedium Xsuite that were publicly disclosed in July 2015. CA Technologies acquired Xceedium in August 2015, and Xceedium products were renamed and became part of Privileged Access Management solutions from CA Technologies. Sixteen vulnerabilities are outlined in this advisory.


CA20180614-01: Security Notice for CA Privileged Access Manager

Issued: June 14th, 2018
Last Updated: June 14th, 2018

CA Technologies Support is alerting customers to multiple potential 
risks with CA Privileged Access Manager. Multiple vulnerabilities 
exist that can allow a remote attacker to conduct a variety of attacks.  
These risks include seven vulnerabilities privately reported within 
the past year to CA Technologies by security researchers, and nine 
vulnerabilities for Xceedium Xsuite that were publicly disclosed in 
July 2015.  CA Technologies acquired Xceedium in August 2015, and 
Xceedium products were renamed and became part of Privileged Access 
Management solutions from CA Technologies.

The first vulnerability, CVE-2018-9021, has a high risk rating and 
concerns the ajax_cmd.php file, which can allow a remote attacker to 
execute arbitrary commands.

The second vulnerability, CVE-2018-9022, has a high risk rating and 
concerns configuration file poisoning, which can allow a remote 
attacker to execute arbitrary code.

The third vulnerability, CVE-2018-9023, has a medium risk rating and 
concerns the update_crld script, which can allow an unprivileged user 
to gain root privileges.

The fourth vulnerability, CVE-2018-9024, has a low risk rating and 
concerns IP spoofing in logs, which can allow a remote attacker to 
masquerade as another machine.

The fifth vulnerability, CVE-2018-9025, has a low risk rating and 
concerns insufficient input validation on the login page, which can 
allow a remote attacker to poison a log file.

The sixth vulnerability, CVE-2018-9026, has a medium risk rating and 
concerns insecure handling of user sessions in multiple scripts, which 
can allow a remote attacker to conduct session fixation attacks.

The seventh vulnerability, CVE-2018-9027, has a medium risk rating and 
concerns insufficient input validation in multiple scripts, which can 
allow a remote attacker to conduct reflected XSS attacks.

The eighth vulnerability, CVE-2015-4664, has a high risk rating and 
concerns insufficient input validation in the login.php script, which 
can allow a remote attacker to execute arbitrary commands.

The ninth vulnerability, CVE-2015-4665, has a medium risk rating and 
concerns insufficient input validation in the ajax_cmd.php script, 
which can allow a remote attacker to conduct reflected XSS attacks.

The tenth vulnerability, CVE-2015-4666, has a high risk rating and 
concerns insufficient input validation in the read_sessionlog.php 
script, which can allow an unauthenticated remote attacker to conduct 
directory traversal attacks and download sensitive information.

The eleventh vulnerability, also CVE-2015-4664, has a high risk rating 
and concerns insufficient input validation by the spadmind script, 
which can allow a local attacker to execute privileged commands.

The twelfth vulnerability, CVE-2015-4667, has a low risk rating and 
concerns the use of hard-coded credentials in multiple scripts, which 
can allow an attacker to potentially conduct a variety of attacks.

The thirteenth vulnerability, CVE-2015-4669, has a high risk rating 
and concerns insecure database credentials, which can allow a local 
user to conduct a variety of attacks.

The fourteenth vulnerability, CVE-2015-4668, has a low risk rating and 
concerns the openwin.php script, which can allow a remote attacker to 
conduct open redirect attacks.

The fifteenth vulnerability, CVE-2018-9028, has a low risk rating and 
concerns unsalted passwords, which can allow an attacker to more 
easily crack passwords.

The sixteenth vulnerability, CVE-2018-9029, has a medium risk rating 
and concerns insufficient input validation in multiple scripts, which 
can allow an attacker to conduct SQL injection attacks.


Risk Rating

CVE-2018-9021 - High
CVE-2018-9022 - High
CVE-2018-9023 - Medium
CVE-2018-9024 - Low
CVE-2018-9025 - Low
CVE-2018-9026 - Medium
CVE-2018-9027 - Medium
CVE-2015-4664 - High
CVE-2015-4665 - Medium
CVE-2015-4666 - High
CVE-2015-4667 - Low
CVE-2015-4669 - High
CVE-2015-4668 - Low
CVE-2018-9028 - Low
CVE-2018-9029 - Medium


Platform(s)

All supported platforms


Affected Products

CA Privileged Access Manager 2.x


Unaffected Products

CA Privileged Access Manager 3.0.0 or later


How to determine if the installation is affected

Customers may use the CA Privileged Access Manager interface to find 
the release and then use the table in the Affected Products section to 
determine if the installation is vulnerable.


Solution

CA Technologies published the following solution to address the 
vulnerabilities.

CA Privileged Access Manager:
Update to CA Privileged Access Manager 3.0.0 or later to address all 
vulnerabilities in this security notice.


References

CVE-2018-9021 - PAM ajax_cmd.php RCE
CVE-2018-9022 - PAM configuration file poisoning RCE
CVE-2018-9023 - PAM update_crld privilege escalation
CVE-2018-9024 - PAM IP spoofing in logs
CVE-2018-9025 - PAM log poisoning
CVE-2018-9026 - PAM session fixation
CVE-2018-9027 - PAM reflected XSS
CVE-2015-4664 - PAM login.php RCE
CVE-2015-4665 - PAM ajax_cmd.php reflected XSS
CVE-2015-4666 - PAM read_sessionlog.php directory traversal
CVE-2015-4664 - PAM spadmind command execution
CVE-2015-4667 - PAM hard-coded credentials
CVE-2015-4669 - PAM insecure database credentials
CVE-2015-4668 - PAM openwin.php open redirect
CVE-2018-9028 - PAM unsalted passwords
CVE-2018-9029 - PAM SQL injection
www.ca.com/us/company/acquisitions/xceedium-is-now-ca-technologies.html


Acknowledgement

CVE-2018-9021 - Peter Lapp
CVE-2018-9022 - Dan Cocking
CVE-2018-9023 - Peter Lapp
CVE-2018-9024 - Peter Lapp
CVE-2018-9025 - Peter Lapp
CVE-2018-9026 - Peter Lapp
CVE-2018-9027 - Peter Lapp


Change History

Version 1.0: 2018-06-14 - Initial Release


Customers who require additional information about this notice may
contact CA Technologies Support at https://support.ca.com/

To report a suspected vulnerability in a CA Technologies product,
please send a summary to CA Technologies Product Vulnerability
Response at vuln <AT> ca.com

Security Notices and PGP key
support.ca.com/irj/portal/anonymous/phpsbpldgpg
www.ca.com/us/support/ca-support-online/documents.aspx?id=177782

Regards,
Ken Williams
Vulnerability Response Director, Product Vulnerability Response Team
CA Technologies | 520 Madison Avenue, 22nd Floor, New York NY 10022


Copyright (c) 2018 CA. 520 Madison Avenue, 22nd Floor, New York, NY
10022.  All other trademarks, trade names, service marks, and logos
referenced herein belong to their respective companies.

    
 

 
