PAN-SA-2018-0014 – Cross-Site Scripting (XSS) in GlobalProtect Login Page
· Severity = High
· Fixed in PAN-OS 8.1.4. PAN-OS 6.1, PAN-OS 7.1 and PAN-OS 8.0 are NOT affected.
· Affects GlobalProtect Login page
· CVE-2018-10141
PAN-SA-2018-0015 – OpenSSL Vulnerabilities in PAN-OS
· Severity = Medium
· Fixed in PAN-OS 8.1.4. Security Advisory will be updated as soon as fixes are available for PAN-OS 7.1 and PAN-OS 8.0.
· The OpenSSL library in use by PAN-OS is patched on a regular basis.
· CVE-2018-0732, CVE-2018-0737 and CVE-2018-0739
Details of the issues, affected versions, and any mitigation information can be found in the Security Advisories.
Please visit our Security Advisories website to learn more at https://securityadvisories.paloaltonetworks.com/
If you have questions, please contact support https://www.paloaltonetworks.com/company/contact-support
Regards
Product Security Incident Response Team
Palo Alto Networks