Vulnerabilities > Paloaltonetworks > PAN OS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-13 | CVE-2020-2017 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. | 4.3 |
| 2020-05-13 | CVE-2020-2013 | Cleartext Transmission of Sensitive Information vulnerability in Paloaltonetworks Pan-Os A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. | 6.8 |
| 2020-05-13 | CVE-2020-2012 | XXE vulnerability in Paloaltonetworks Pan-Os Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system. | 5.0 |
| 2020-05-13 | CVE-2020-2005 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session. | 4.3 |
| 2020-05-13 | CVE-2020-2002 | Authentication Bypass by Spoofing vulnerability in Paloaltonetworks Pan-Os An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. | 6.8 |
| 2020-05-13 | CVE-2020-1998 | Incorrect Authorization vulnerability in Paloaltonetworks Pan-Os An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. | 6.5 |
| 2020-05-13 | CVE-2020-1997 | Open Redirect vulnerability in Paloaltonetworks Pan-Os An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. | 5.8 |
| 2020-05-13 | CVE-2020-1996 | Missing Authorization vulnerability in Paloaltonetworks Pan-Os A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. | 5.0 |
| 2020-05-13 | CVE-2020-1995 | NULL Pointer Dereference vulnerability in Paloaltonetworks Pan-Os 9.1.0/9.1.1 A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS allows an authenticated administrator to send a request that causes the rasmgr daemon to crash. | 6.8 |
| 2020-05-13 | CVE-2020-1994 | Unspecified vulnerability in Paloaltonetworks Pan-Os A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. | 4.9 |