Palo Alto Networks Expedition
16 CVEs affecting Palo Alto Networks Expedition. Latest disclosed: 2025-01-11. Critical: 5, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-0107 | Critical | 9.8 | 2025-01-11 | An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in… |
| CVE-2024-5910 | Critical | 9.8 | 2024-07-10 | Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network acc… |
| CVE-2018-10143 | Critical | 9.8 | 2018-12-12 | The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on t… |
| CVE-2025-0105 | Critical | 9.1 | 2025-01-11 | An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-d… |
| CVE-2024-9465 | Critical | 9.1 | 2024-10-09 | An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password has… |
| CVE-2025-0103 | High | 8.8 | 2025-01-11 | An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hash… |
| CVE-2024-9463 | High | 7.5 | 2024-10-09 | An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, r… |
| CVE-2018-10142 | High | 7.5 | 2018-11-27 | The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system. |
| CVE-2024-9466 | Medium | 6.5 | 2024-10-09 | A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, pass… |
| CVE-2024-9464 | Medium | 6.5 | 2024-10-09 | An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, res… |
| CVE-2025-0104 | Medium | 6.1 | 2025-01-11 | A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables attackers to execute malicious JavaScript code in the context of… |
| CVE-2024-9467 | Medium | 6.1 | 2024-10-09 | A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's b… |
| CVE-2025-0106 | Medium | 5.3 | 2025-01-11 | A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem. |
| CVE-2019-1571 | Medium | 4.8 | 2019-03-26 | The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings. |
| CVE-2019-1570 | Medium | 4.8 | 2019-03-26 | The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings. |
| CVE-2019-1569 | Medium | 4.8 | 2019-03-26 | The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for accoun… |