Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

expedition_migration_tool

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

3
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2020-1977
Assigner-Palo Alto Networks, Inc.
ShareView Details
Assigner-Palo Alto Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.19% / 41.36%
||
7 Day CHG~0.00%
Published-12 Feb, 2020 | 22:57
Updated-17 Sep, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Expedition Migration Tool: Insufficient Cross Site Request Forgery protection.

Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-expedition_migration_toolExpedition
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-1574
Assigner-Palo Alto Networks, Inc.
ShareView Details
Assigner-Palo Alto Networks, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.35% / 56.74%
||
7 Day CHG~0.00%
Published-12 Apr, 2019 | 16:57
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition Migration tool 1.1.12 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the Devices View.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-expedition_migration_toolExpedition Migration Tool
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-1567
Assigner-Palo Alto Networks, Inc.
ShareView Details
Assigner-Palo Alto Networks, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.39% / 59.10%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 19:15
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Expedition Migration tool 1.1.6 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings.

Action-Not Available
Vendor-n/aPalo Alto Networks, Inc.
Product-expedition_migration_toolPalo Alto Networks Expedition Migration Tool
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')