Arbitrary Code Execution in Expedition Migration Tool by Palo Alto Networks
CVE-2019-1567
5.4MEDIUM
Key Information:
- Vendor
- Palo Alto Networks
- Vendor
- CVE Published:
- 9 April 2019
Summary
The Expedition Migration tool, version 1.1.6 and earlier, contains a vulnerability that could be exploited by authenticated attackers to execute arbitrary JavaScript or HTML code within the User Mapping Settings. This weakness could lead to serious security implications, including unauthorized data access and manipulation, compromising the integrity of the system. Organizations using affected versions should take immediate action to mitigate the risk associated with this vulnerability.
Affected Version(s)
Palo Alto Networks Expedition Migration Tool Expedition 1.1.6 and earlier
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved