CVE-2015-4664

CRITICAL

CA Privileged Access Manager < 2.4.4.4 - Remote Command Execution


Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-4664. PoCs published by modzero.

AI-analyzed exploit summary: This is a detailed security advisory describing multiple vulnerabilities in Xceedium Xsuite, including command injection, XSS, directory traversal, privilege escalation, and hard-coded credentials. It provides proof-of-concept HTTP requests and code snippets to demonstrate the vulnerabilities.

Description

An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.

Exploits (1)

exploitdb WRITEUP
by modzero · text · webapps · php
https://www.exploit-db.com/exploits/37708


Classification
Writeup 100%
Attack Type
RCE | XSS | Info Leak | Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Xceedium Xsuite 2.3.0, 2.4.3.0
No auth needed
Prerequisites: Network access to the Xsuite web interface · Ability to send crafted HTTP requests
Analyzed by devstral-2 on Feb 16, 2026

References (4)


Scores

CVSS v3 9.8
EPSS 0.5100
EPSS Percentile 97.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (3)
broadcom/privileged_access_manager < 2.4.4.4
xceedium/xsuite 2.3.0
xceedium/xsuite 2.4.3.0
Published Jun 18, 2018
Tracked Since Feb 18, 2026