VYPR

Panorama

by Snaporbital

CVEs (6)

  • CVE-2020-2021KEVJun 29, 2020
    risk 0.20cvss epss 0.04

    When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access…

  • CVE-2024-11843May 15, 2025
    risk 0.00cvss epss 0.00

    The Panorama WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite…

  • CVE-2024-5911Jul 10, 2024
    risk 0.00cvss epss 0.01

    An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash the Panorama. Repeated attacks eventually cause the Panorama to enter…

  • CVE-2024-3387Apr 10, 2024
    risk 0.00cvss epss 0.00

    A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing…

  • CVE-2023-23810May 12, 2023
    risk 0.00cvss epss 0.00

    Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SnapOrbital Panorama plugin <= 1.5 versions.

  • CVE-2020-2012May 13, 2020
    risk 0.00cvss epss 0.02

    Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system. This issue…