CVE Vulnerability

CVE-2019-1569

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user.

3.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 6.8 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

4.8 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.7 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://www.tenable.com/security/research/tra-2019-13 Exploit Third Party Advisory
https://securityadvisories.paloaltonetworks.com/Home/Detail/142 Third Party Advisory
http://www.securityfocus.com/bid/107564 Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:paloaltonetworks:expedition:*:*:*:*:*:*:*:*
Information

Published : 2019-03-26 10:29

Updated : 2019-03-27 12:05

NVD link : CVE-2019-1569

Mitre link : CVE-2019-1569

Products Affected

Expedition

Paloaltonetworks

CWE
CWE-79