Paloaltonetworks Expedition

16 CVEs affecting Paloaltonetworks Expedition. Latest disclosed: 2025-01-11. Critical: 5, High: 3.

Top CVEs affecting Paloaltonetworks Expedition
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-0107 | Critical | 9.8 | 2025-01-11 | An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in… |
| CVE-2024-5910 | Critical | 9.8 | 2024-07-10 | Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network acc… |
| CVE-2018-10143 | Critical | 9.8 | 2018-12-12 | The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on t… |
| CVE-2025-0105 | Critical | 9.1 | 2025-01-11 | An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-d… |
| CVE-2024-9465 | Critical | 9.1 | 2024-10-09 | An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password has… |
| CVE-2025-0103 | High | 8.8 | 2025-01-11 | An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hash… |
| CVE-2024-9463 | High | 7.5 | 2024-10-09 | An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, r… |
| CVE-2018-10142 | High | 7.5 | 2018-11-27 | The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system. |
| CVE-2024-9466 | Medium | 6.5 | 2024-10-09 | A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, pass… |
| CVE-2024-9464 | Medium | 6.5 | 2024-10-09 | An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, res… |
| CVE-2025-0104 | Medium | 6.1 | 2025-01-11 | A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables attackers to execute malicious JavaScript code in the context of… |
| CVE-2024-9467 | Medium | 6.1 | 2024-10-09 | A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's b… |
| CVE-2025-0106 | Medium | 5.3 | 2025-01-11 | A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem. |
| CVE-2019-1571 | Medium | 4.8 | 2019-03-26 | The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings. |
| CVE-2019-1570 | Medium | 4.8 | 2019-03-26 | The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings. |
| CVE-2019-1569 | Medium | 4.8 | 2019-03-26 | The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for accoun… |