Page 2 of 8 results (0.005 seconds)

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user. La herramienta Expedition Migration, en versiones 1.1.8 y anteriores, podría permitir que un atacante autenticado ejecute JavaScript o HTML arbitrarios en las opciones de mapeo de usuarios para el nombre de cuenta del usuario administrador. • http://www.securityfocus.com/bid/107564 https://securityadvisories.paloaltonetworks.com/Home/Detail/142 https://www.tenable.com/security/research/tra-2019-13 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1

The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application. La versión 1.0.107 de la herramienta Palo Alto Networks Expedition Migration podría permitir a un atacante no autenticado con acceso remoto ejecutar comandos a nivel del sistema en el dispositivo que aloje este servicio/aplicación. • http://www.securityfocus.com/bid/106174 https://doddsecurity.com/234/command-injection-on-palo-alto-networks-expedition https://security.paloaltonetworks.com/CVE-2018-10143 • CWE-269: Improper Privilege Management •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system. La herramienta Expedition Migration 1.0.106 y anteriores podría permitir que un atacante no autenticado enumere archivos en el sistema operativo. • http://www.securityfocus.com/bid/106069 https://security.paloaltonetworks.com/CVE-2018-10142 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •