Vulnerabilites related to Palo Alto - Palo Alto Networks Expedition Migration Tool
CVE-2019-1571 (GCVE-0-2019-1571)
Vulnerability from cvelistv5
Published
2019-03-26 22:08
Modified
2024-08-04 18:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto | Palo Alto Networks Expedition Migration Tool |
Version: Expedition 1.1.8 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:20:27.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/142"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-13"
},
{
"name": "107564",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107564"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Palo Alto Networks Expedition Migration Tool",
"vendor": "Palo Alto",
"versions": [
{
"status": "affected",
"version": "Expedition 1.1.8 and earlier"
}
]
}
],
"datePublic": "2019-03-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-26T22:09:16",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/142"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-13"
},
{
"name": "107564",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107564"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"ID": "CVE-2019-1571",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Palo Alto Networks Expedition Migration Tool",
"version": {
"version_data": [
{
"version_value": "Expedition 1.1.8 and earlier"
}
]
}
}
]
},
"vendor_name": "Palo Alto"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/142",
"refsource": "CONFIRM",
"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/142"
},
{
"name": "https://www.tenable.com/security/research/tra-2019-13",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-13"
},
{
"name": "107564",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107564"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2019-1571",
"datePublished": "2019-03-26T22:08:44",
"dateReserved": "2018-12-06T00:00:00",
"dateUpdated": "2024-08-04T18:20:27.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1570 (GCVE-0-2019-1570)
Vulnerability from cvelistv5
Published
2019-03-26 21:46
Modified
2024-08-04 18:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto | Palo Alto Networks Expedition Migration Tool |
Version: Expedition 1.1.8 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:20:28.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/142"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-13"
},
{
"name": "107564",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107564"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Palo Alto Networks Expedition Migration Tool",
"vendor": "Palo Alto",
"versions": [
{
"status": "affected",
"version": "Expedition 1.1.8 and earlier"
}
]
}
],
"datePublic": "2019-03-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-26T21:51:10",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/142"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-13"
},
{
"name": "107564",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107564"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"ID": "CVE-2019-1570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Palo Alto Networks Expedition Migration Tool",
"version": {
"version_data": [
{
"version_value": "Expedition 1.1.8 and earlier"
}
]
}
}
]
},
"vendor_name": "Palo Alto"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/142",
"refsource": "CONFIRM",
"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/142"
},
{
"name": "https://www.tenable.com/security/research/tra-2019-13",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-13"
},
{
"name": "107564",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107564"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2019-1570",
"datePublished": "2019-03-26T21:46:42",
"dateReserved": "2018-12-06T00:00:00",
"dateUpdated": "2024-08-04T18:20:28.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1569 (GCVE-0-2019-1569)
Vulnerability from cvelistv5
Published
2019-03-26 21:44
Modified
2024-08-04 18:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto | Palo Alto Networks Expedition Migration Tool |
Version: Expedition 1.1.8 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:20:27.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-13"
},
{
"name": "107564",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107564"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/142"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Palo Alto Networks Expedition Migration Tool",
"vendor": "Palo Alto",
"versions": [
{
"status": "affected",
"version": "Expedition 1.1.8 and earlier"
}
]
}
],
"datePublic": "2019-03-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-26T21:50:25",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-13"
},
{
"name": "107564",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107564"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/142"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"ID": "CVE-2019-1569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Palo Alto Networks Expedition Migration Tool",
"version": {
"version_data": [
{
"version_value": "Expedition 1.1.8 and earlier"
}
]
}
}
]
},
"vendor_name": "Palo Alto"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-13",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-13"
},
{
"name": "107564",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107564"
},
{
"name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/142",
"refsource": "MISC",
"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/142"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2019-1569",
"datePublished": "2019-03-26T21:44:41",
"dateReserved": "2018-12-06T00:00:00",
"dateUpdated": "2024-08-04T18:20:27.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}