CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-1991 – Traps: Insecure temporary file vulnerability may allow privilege escalation on Windows
https://notcve.org/view.php?id=CVE-2020-1991
An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files. This issue affects Palo Alto Networks Traps 5.0 versions before 5.0.8; 6.1 versions before 6.1.4 on Windows. This issue does not affect Cortex XDR 7.0. This issue does not affect Traps for Linux or MacOS. Una vulnerabilidad de archivo temporal no seguro en Palo Alto Networks Traps, permite a un usuario de Windows autenticado local escalar privilegios o sobrescribir archivos del sistema. • https://security.paloaltonetworks.com/CVE-2020-1991 • CWE-269: Improper Privilege Management CWE-377: Insecure Temporary File •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1577
https://notcve.org/view.php?id=CVE-2019-1577
Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML. Vulnerabilidad de inyección de código en Palo Alto Networks Traps versión 5.0.5 y anteriores puede permitir que un atacante autenticado inyecte JavaScript o HTML arbitrario. • http://www.securityfocus.com/bid/109053 https://security.paloaltonetworks.com/CVE-2019-1577 • CWE-94: Improper Control of Generation of Code ('Code Injection') •