Search criteria
18 vulnerabilities found for Prisma Cloud Compute by Palo Alto Networks
CERTFR-2025-AVI-0410
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Les versions correctives pour la vulnérabilité CVE-2025-0133 sont prévus pour juin (PAN-OS 11.2.8), juillet (PAN-OS 11.1.11) et août 2025 (PAN-OS 10.2.17)
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions antérieures à 6.0.0 sans les derniers correctifs de sécurité | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.2.x antérieures à 11.2.5 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions antérieures à 6.1.0 sans les derniers correctifs de sécurité | ||
| Palo Alto Networks | N/A | MetaDefender Endpoint Security versions antérieures à 4.3.4451 sur Windows | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions antérieures à 10.1.14-h14 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 10.2.x antérieures à 10.2.13 | ||
| Palo Alto Networks | Prisma Cloud Compute | Prisma Cloud Compute Edition versions antérieures à 34.00.141 | ||
| Palo Alto Networks | Prisma Access | Prisma Access Browser versions antérieures à 136.11.9.93 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.0.x antérieures à 11.0.7 | ||
| Palo Alto Networks | Cortex XDR Broker | Cortex XDR Broker VM versions antérieures à 26.0.119 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 11.1.x antérieures à 11.1.8 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.2.x antérieures à 6.2.8 sur macOS | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.3.x antérieures à 6.3.3 sur macOS |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GlobalProtect App versions ant\u00e9rieures \u00e0 6.0.0 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.2.x ant\u00e9rieures \u00e0 11.2.5",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions ant\u00e9rieures \u00e0 6.1.0 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "MetaDefender Endpoint Security versions ant\u00e9rieures \u00e0 4.3.4451 sur Windows",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions ant\u00e9rieures \u00e0 10.1.14-h14",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 10.2.x ant\u00e9rieures \u00e0 10.2.13",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Cloud Compute Edition versions ant\u00e9rieures \u00e0 34.00.141",
"product": {
"name": "Prisma Cloud Compute",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Access Browser versions ant\u00e9rieures \u00e0 136.11.9.93",
"product": {
"name": "Prisma Access",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.0.x ant\u00e9rieures \u00e0 11.0.7",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Broker VM versions ant\u00e9rieures \u00e0 26.0.119",
"product": {
"name": "Cortex XDR Broker",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 11.1.x ant\u00e9rieures \u00e0 11.1.8",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 6.2.x ant\u00e9rieures \u00e0 6.2.8 sur macOS",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 6.3.x ant\u00e9rieures \u00e0 6.3.3 sur macOS",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": "Les versions correctives pour la vuln\u00e9rabilit\u00e9 CVE-2025-0133 sont pr\u00e9vus pour juin (PAN-OS 11.2.8), juillet (PAN-OS 11.1.11) et ao\u00fbt 2025 (PAN-OS 10.2.17)",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-0135",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0135"
},
{
"name": "CVE-2025-3066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3066"
},
{
"name": "CVE-2025-0134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0134"
},
{
"name": "CVE-2025-3072",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3072"
},
{
"name": "CVE-2025-0138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0138"
},
{
"name": "CVE-2025-0131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0131"
},
{
"name": "CVE-2025-3068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3068"
},
{
"name": "CVE-2025-3619",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3619"
},
{
"name": "CVE-2025-0137",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0137"
},
{
"name": "CVE-2025-4096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4096"
},
{
"name": "CVE-2025-4052",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4052"
},
{
"name": "CVE-2025-3620",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3620"
},
{
"name": "CVE-2025-0130",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0130"
},
{
"name": "CVE-2025-3067",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3067"
},
{
"name": "CVE-2025-0133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0133"
},
{
"name": "CVE-2025-0132",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0132"
},
{
"name": "CVE-2025-4372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4372"
},
{
"name": "CVE-2025-3074",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3074"
},
{
"name": "CVE-2025-4050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4050"
},
{
"name": "CVE-2025-0136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0136"
},
{
"name": "CVE-2025-4051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4051"
},
{
"name": "CVE-2025-3071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3071"
},
{
"name": "CVE-2025-3069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3069"
},
{
"name": "CVE-2025-3073",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3073"
},
{
"name": "CVE-2025-3070",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3070"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0410",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
"vendor_advisories": [
{
"published_at": "2025-05-14",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0138",
"url": "https://security.paloaltonetworks.com/CVE-2025-0138"
},
{
"published_at": "2025-05-14",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0133",
"url": "https://security.paloaltonetworks.com/CVE-2025-0133"
},
{
"published_at": "2025-05-14",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0134",
"url": "https://security.paloaltonetworks.com/CVE-2025-0134"
},
{
"published_at": "2025-05-14",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0131",
"url": "https://security.paloaltonetworks.com/CVE-2025-0131"
},
{
"published_at": "2025-06-06",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0135",
"url": "https://security.paloaltonetworks.com/CVE-2025-0135"
},
{
"published_at": "2025-05-14",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0137",
"url": "https://security.paloaltonetworks.com/CVE-2025-0137"
},
{
"published_at": "2025-05-14",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0132",
"url": "https://security.paloaltonetworks.com/CVE-2025-0132"
},
{
"published_at": "2025-05-14",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2025-0009",
"url": "https://security.paloaltonetworks.com/PAN-SA-2025-0009"
},
{
"published_at": "2025-05-14",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0136",
"url": "https://security.paloaltonetworks.com/CVE-2025-0136"
},
{
"published_at": "2025-05-14",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0130",
"url": "https://security.paloaltonetworks.com/CVE-2025-0130"
}
]
}
CERTFR-2024-AVI-0491
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.2.x antérieures à 6.2.3 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 5.1.x antérieures à 5.1.12 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 7.9.x.-CE antérieures à 7.9.102-CE sur Windows | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.1.x à 8.2.x antérieures à 8.2.1 sur Windows | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.1.x antérieures à 6.1.3 | ||
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.0.x antérieures à 6.0.8 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 8.3.x antérieures à 8.3.1 sur Windows | ||
| Palo Alto Networks | Prisma Cloud Compute | Prisma Cloud Compute versions 32.x antérieures à 32.05 (O’Neal - Update 5) |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GlobalProtect App versions 6.2.x ant\u00e9rieures \u00e0 6.2.3",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 5.1.x ant\u00e9rieures \u00e0 5.1.12",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 7.9.x.-CE ant\u00e9rieures \u00e0 7.9.102-CE sur Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 8.1.x \u00e0 8.2.x ant\u00e9rieures \u00e0 8.2.1 sur Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 6.1.x ant\u00e9rieures \u00e0 6.1.3",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 6.0.x ant\u00e9rieures \u00e0 6.0.8",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 8.3.x ant\u00e9rieures \u00e0 8.3.1 sur Windows",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Cloud Compute versions 32.x ant\u00e9rieures \u00e0 32.05 (O\u2019Neal - Update 5)",
"product": {
"name": "Prisma Cloud Compute",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-5908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5908"
},
{
"name": "CVE-2024-5907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5907"
},
{
"name": "CVE-2024-5905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5905"
},
{
"name": "CVE-2024-5906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5906"
},
{
"name": "CVE-2024-5909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5909"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0491",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-06-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
"vendor_advisories": [
{
"published_at": "2024-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5906",
"url": "https://security.paloaltonetworks.com/CVE-2024-5906"
},
{
"published_at": "2024-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5908",
"url": "https://security.paloaltonetworks.com/CVE-2024-5908"
},
{
"published_at": "2024-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5907",
"url": "https://security.paloaltonetworks.com/CVE-2024-5907"
},
{
"published_at": "2024-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5905",
"url": "https://security.paloaltonetworks.com/CVE-2024-5905"
},
{
"published_at": "2024-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5909",
"url": "https://security.paloaltonetworks.com/CVE-2024-5909"
}
]
}
CERTFR-2021-AVI-532
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Elles permettent à un attaquant de provoquer une élévation de privilèges et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | Prisma Cloud Compute | Prisma Cloud Compute versions 20.12 antérieures à 20.12.552 | ||
| Palo Alto Networks | Prisma Cloud Compute | Prisma Cloud Compute versions 21.04 antérieures à 21.04.439 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 7.3 sans le correctif 181 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 7.2 sans le correctif 181 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 6.1 sans le correctif 181 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Prisma Cloud Compute versions 20.12 ant\u00e9rieures \u00e0 20.12.552",
"product": {
"name": "Prisma Cloud Compute",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Cloud Compute versions 21.04 ant\u00e9rieures \u00e0 21.04.439",
"product": {
"name": "Prisma Cloud Compute",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 7.3 sans le correctif 181",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 7.2 sans le correctif 181",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 6.1 sans le correctif 181",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-3042",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3042"
},
{
"name": "CVE-2021-3043",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3043"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto\u00a0Networks CVE-2021-3042 du 14 juillet 2021",
"url": "https://security.paloaltonetworks.com/CVE-2021-3042"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto\u00a0Networks CVE-2021-3043 du 14 juillet 2021",
"url": "https://security.paloaltonetworks.com/CVE-2021-3043"
}
],
"reference": "CERTFR-2021-AVI-532",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo\nAlto Networks. Elles permettent \u00e0 un attaquant de provoquer une\n\u00e9l\u00e9vation de privil\u00e8ges et une injection de code indirecte \u00e0 distance\n(XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-3043 du 14 juillet 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-3042 du 14 juillet 2021",
"url": null
}
]
}
CERTFR-2021-AVI-454
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 7.2.x antérieures à 7.2.3 ou sans un correctif de sécurité antérieur à 171 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 6.1.x antérieures à 6.1.8 | ||
| Palo Alto Networks | Prisma Cloud Compute | Prisma Cloud Compute versions antérieures à 21.04.412 | ||
| Palo Alto Networks | Cortex XDR Agent | Cortex XDR Agent versions 5.0.x antérieures à 5.0.11 | ||
| Palo Alto Networks | N/A | Bridgecrew Checkov versions 2.x antérieures à 2.0.139 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cortex XDR Agent versions 7.2.x ant\u00e9rieures \u00e0 7.2.3 ou sans un correctif de s\u00e9curit\u00e9 ant\u00e9rieur \u00e0 171",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 6.1.x ant\u00e9rieures \u00e0 6.1.8",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Cloud Compute versions ant\u00e9rieures \u00e0 21.04.412",
"product": {
"name": "Prisma Cloud Compute",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Cortex XDR Agent versions 5.0.x ant\u00e9rieures \u00e0 5.0.11",
"product": {
"name": "Cortex XDR Agent",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Bridgecrew Checkov versions 2.x ant\u00e9rieures \u00e0 2.0.139",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-3041",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3041"
},
{
"name": "CVE-2021-3040",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3040"
},
{
"name": "CVE-2021-3039",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3039"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-454",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-06-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo\nAlto Networks. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-3040 du 09 juin 2021",
"url": "https://security.paloaltonetworks.com/CVE-2021-3040"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-3041 du 09 juin 2021",
"url": "https://security.paloaltonetworks.com/CVE-2021-3041"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-3039 du 09 juin 2021",
"url": "https://security.paloaltonetworks.com/CVE-2021-3039"
}
]
}
CERTFR-2021-AVI-110
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Palo Alto Networks Prisma Cloud Compute. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | Prisma Cloud Compute | Prisma Cloud Compute versions antérieures à 20.12 update 1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Prisma Cloud Compute versions ant\u00e9rieures \u00e0 20.12 update 1",
"product": {
"name": "Prisma Cloud Compute",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-3033",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3033"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-110",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-02-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Palo Alto Networks Prisma Cloud\nCompute. Elle permet \u00e0 un attaquant de provoquer un contournement de la\npolitique de s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Palo Alto Networks Prisma Cloud Compute",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2021-3033 du 10 f\u00e9vrier 2021",
"url": "https://security.paloaltonetworks.com/CVE-2021-3033"
}
]
}
CVE-2024-5906 (GCVE-0-2024-5906)
Vulnerability from cvelistv5 – Published: 2024-06-12 16:22 – Updated: 2024-08-01 21:25
VLAI?
Summary
A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to perform actions in the context of another user's browser when accessed by that other user.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Prisma Cloud Compute |
Affected:
32 , < 32.05 (O’Neal - Update 5)
(custom)
|
Credits
Palo Alto Networks thanks Tomasz Stachowicz for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:paloaltonetworks:prisma_cloud:*:*:*:*:compute:*:*:*"
],
"defaultStatus": "unknown",
"product": "prisma_cloud",
"vendor": "paloaltonetworks",
"versions": [
{
"lessThan": "32.05",
"status": "affected",
"version": "32",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:paloaltonetworks:prisma_cloud:*:*:*:*:compute:*:*:*"
],
"defaultStatus": "unknown",
"product": "prisma_cloud",
"vendor": "paloaltonetworks",
"versions": [
{
"lessThanOrEqual": "32.05",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5906",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T18:11:55.656236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T18:17:47.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5906"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Prisma Cloud Compute",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "32.05 (O\u2019Neal - Update 5)",
"status": "unaffected"
}
],
"lessThan": "32.05 (O\u2019Neal - Update 5)",
"status": "affected",
"version": "32",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Palo Alto Networks thanks Tomasz Stachowicz for discovering and reporting this issue."
}
],
"datePublic": "2024-06-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to perform actions in the context of another user\u0027s browser when accessed by that other user.\u003c/p\u003e"
}
],
"value": "A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to perform actions in the context of another user\u0027s browser when accessed by that other user."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T16:22:38.881Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5906"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis issue is fixed in Prisma Cloud Compute 32.05 (O\u0027Neal - Update 5) and all later versions.\u003c/p\u003e"
}
],
"value": "This issue is fixed in Prisma Cloud Compute 32.05 (O\u0027Neal - Update 5) and all later versions."
}
],
"source": {
"defect": [
"CWP-56273"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"x_legacyV4Record": {
"CNA_private": {
"Priority": "normal",
"STATE": "review",
"TYPE": "advisory",
"affectsSummary": {
"affected": [
"\u003c 32.05 (O\u2019Neal - Update 5)"
],
"appliesTo": [
"Prisma Cloud Compute 32"
],
"product_versions": [
"Prisma Cloud Compute 32"
],
"unaffected": [
"\u003e= 32.05 (O\u2019Neal - Update 5)"
],
"unknown": [
""
]
},
"owner": "abaishya",
"publish": {
"month": "06",
"year": "2024",
"ym": "2024-06"
},
"share_with_CVE": true,
"show_cvss": true
},
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2024-06-12T16:00:00.000Z",
"ID": "CVE-2023-case-CWP-56273",
"STATE": "PUBLIC",
"TITLE": "Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Prisma Cloud Compute",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "32",
"version_value": "32.05 (O\u2019Neal - Update 5)"
},
{
"version_affected": "!\u003e=",
"version_name": "32",
"version_value": "32.05 (O\u2019Neal - Update 5)"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Tomasz Stachowicz and Declap Harp for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to perform actions in the context of another user\u0027s browser when accessed by that other user."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"impact": {
"cvss": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2023-case-CWP-56273"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Prisma Cloud Compute 32.05 (O\u0027Neal - Update 5) and all later versions."
}
],
"source": {
"defect": [
"CWP-56273"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T00:00:00",
"value": "Initial publication"
}
],
"x_advisoryEoL": false
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-5906",
"datePublished": "2024-06-12T16:22:38.881Z",
"dateReserved": "2024-06-12T15:27:55.088Z",
"dateUpdated": "2024-08-01T21:25:03.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3043 (GCVE-0-2021-3043)
Vulnerability from cvelistv5 – Published: 2021-07-15 16:45 – Updated: 2024-09-17 01:21
VLAI?
Summary
A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. No additional action is required for these instances. This issue impacts: Prisma Cloud Compute 20.12 versions earlier than Prisma Cloud Compute 20.12.552; Prisma Cloud Compute 21.04 versions earlier than Prisma Cloud Compute 21.04.439.
Severity ?
7.5 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Prisma Cloud Compute |
Affected:
21.04 , < 21.04.439
(custom)
Affected: 20.12 , < 20.12.552 (custom) |
Credits
This issue was found during an internal security review.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:45:51.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2021-3043"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Prisma Cloud Compute",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "21.04.439",
"status": "unaffected"
}
],
"lessThan": "21.04.439",
"status": "affected",
"version": "21.04",
"versionType": "custom"
},
{
"changes": [
{
"at": "20.12.552",
"status": "unaffected"
}
],
"lessThan": "20.12.552",
"status": "affected",
"version": "20.12",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was found during an internal security review."
}
],
"datePublic": "2021-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. No additional action is required for these instances. This issue impacts: Prisma Cloud Compute 20.12 versions earlier than Prisma Cloud Compute 20.12.552; Prisma Cloud Compute 21.04 versions earlier than Prisma Cloud Compute 21.04.439."
}
],
"exploits": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-15T16:45:13",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2021-3043"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in Prisma Cloud Compute 20.12.552, Prisma Cloud Compute 21.04.439, and all later Prisma Cloud Compute versions."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2021-07-14T00:00:00",
"value": "Initial publication"
}
],
"title": "Prisma Cloud: Cross-Site Scripting (XSS) Vulnerability in Prisma Cloud Compute Web Console",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2021-07-14T16:00:00.000Z",
"ID": "CVE-2021-3043",
"STATE": "PUBLIC",
"TITLE": "Prisma Cloud: Cross-Site Scripting (XSS) Vulnerability in Prisma Cloud Compute Web Console"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Prisma Cloud Compute",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "21.04",
"version_value": "21.04.439"
},
{
"version_affected": "!\u003e=",
"version_name": "21.04",
"version_value": "21.04.439"
},
{
"version_affected": "\u003c",
"version_name": "20.12",
"version_value": "20.12.552"
},
{
"version_affected": "!\u003e=",
"version_name": "20.12",
"version_value": "20.12.552"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was found during an internal security review."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. No additional action is required for these instances. This issue impacts: Prisma Cloud Compute 20.12 versions earlier than Prisma Cloud Compute 20.12.552; Prisma Cloud Compute 21.04 versions earlier than Prisma Cloud Compute 21.04.439."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2021-3043",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2021-3043"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Prisma Cloud Compute 20.12.552, Prisma Cloud Compute 21.04.439, and all later Prisma Cloud Compute versions."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2021-07-14T00:00:00",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_advisoryEoL": false,
"x_affectedList": [
"Prisma Cloud Compute 21.04",
"Prisma Cloud Compute 20.12"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2021-3043",
"datePublished": "2021-07-15T16:45:13.845939Z",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-09-17T01:21:53.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3039 (GCVE-0-2021-3039)
Vulnerability from cvelistv5 – Published: 2021-06-10 12:33 – Updated: 2024-09-17 01:50
VLAI?
Summary
An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412.
Severity ?
CWE
- CWE-532 - Information Exposure Through Log Files
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Prisma Cloud Compute |
Affected:
20.04 , < 21.04.412
(custom)
|
Credits
Palo Alto Networks thanks Jakub Palaczynski for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:45:51.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2021-3039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Prisma Cloud Compute",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "21.04.412",
"status": "unaffected"
}
],
"lessThan": "21.04.412",
"status": "affected",
"version": "20.04",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Jakub Palaczynski for discovering and reporting this issue."
}
],
"datePublic": "2021-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412."
}
],
"exploits": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-10T12:33:06",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2021-3039"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in Prisma Cloud Compute 21.04.412 and all later versions."
}
],
"source": {
"defect": [
"TL-28359"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2021-06-09T00:00:00",
"value": "Initial publication"
}
],
"title": "Prisma Cloud Compute: User role authorization secret for Console leaked through log file export",
"workarounds": [
{
"lang": "en",
"value": "Operator role and Auditor role users can be temporarily disabled in the Prisma Cloud Compute Console until Prisma Cloud Compute is upgraded to a fixed version."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2021-06-09T16:00:00.000Z",
"ID": "CVE-2021-3039",
"STATE": "PUBLIC",
"TITLE": "Prisma Cloud Compute: User role authorization secret for Console leaked through log file export"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Prisma Cloud Compute",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "20.04",
"version_value": "21.04.412"
},
{
"version_affected": "!\u003e=",
"version_name": "20.04",
"version_value": "21.04.412"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Jakub Palaczynski for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2021-3039",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2021-3039"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Prisma Cloud Compute 21.04.412 and all later versions."
}
],
"source": {
"defect": [
"TL-28359"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2021-06-09T00:00:00",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "en",
"value": "Operator role and Auditor role users can be temporarily disabled in the Prisma Cloud Compute Console until Prisma Cloud Compute is upgraded to a fixed version."
}
],
"x_affectedList": [
"Prisma Cloud Compute 20.04"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2021-3039",
"datePublished": "2021-06-10T12:33:06.234748Z",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-09-17T01:50:54.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3033 (GCVE-0-2021-3033)
Vulnerability from cvelistv5 – Published: 2021-02-10 17:35 – Updated: 2024-09-17 03:14
VLAI?
Summary
An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized user. This issue impacts: All versions of Prisma Cloud Compute 19.11, Prisma Cloud Compute 20.04, and Prisma Cloud Compute 20.09; Prisma Cloud Compute 20.12 before update 1. Prisma Cloud Compute SaaS version is not impacted by this vulnerability.
Severity ?
9.1 (Critical)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Prisma Cloud Compute |
Affected:
19.11 , ≤ update 2
(custom)
Affected: 20.04 , ≤ update 2 (custom) Affected: 20.09 , ≤ update 2 (custom) Affected: 20.12 , < update 1 (custom) |
Credits
This issue was found by Palo Alto Networks during internal security review.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:45:50.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2021-3033"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Prisma Cloud Compute",
"vendor": "Palo Alto Networks",
"versions": [
{
"lessThanOrEqual": "update 2",
"status": "affected",
"version": "19.11",
"versionType": "custom"
},
{
"lessThanOrEqual": "update 2",
"status": "affected",
"version": "20.04",
"versionType": "custom"
},
{
"lessThanOrEqual": "update 2",
"status": "affected",
"version": "20.09",
"versionType": "custom"
},
{
"changes": [
{
"at": "update 1",
"status": "unaffected"
}
],
"lessThan": "update 1",
"status": "affected",
"version": "20.12",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This issue impacts only Prisma Cloud Compute configurations that use SAML authentication."
}
],
"credits": [
{
"lang": "en",
"value": "This issue was found by Palo Alto Networks during internal security review."
}
],
"datePublic": "2021-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized user. This issue impacts: All versions of Prisma Cloud Compute 19.11, Prisma Cloud Compute 20.04, and Prisma Cloud Compute 20.09; Prisma Cloud Compute 20.12 before update 1. Prisma Cloud Compute SaaS version is not impacted by this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-10T17:35:13",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2021-3033"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in Prisma Cloud Compute 20.12 update 1 and all later versions."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2021-02-10T00:00:00",
"value": "Initial publication"
}
],
"title": "Prisma Cloud Compute: SAML Authentication Bypass Vulnerability in Console",
"workarounds": [
{
"lang": "en",
"value": "You can mitigate the impact of this issue by disabling SAML authentication in the Prisma Cloud Compute configuration"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2021-02-10T17:00:00.000Z",
"ID": "CVE-2021-3033",
"STATE": "PUBLIC",
"TITLE": "Prisma Cloud Compute: SAML Authentication Bypass Vulnerability in Console"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Prisma Cloud Compute",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "19.11",
"version_value": "update 2"
},
{
"version_affected": "\u003c=",
"version_name": "20.04",
"version_value": "update 2"
},
{
"version_affected": "\u003c=",
"version_name": "20.09",
"version_value": "update 2"
},
{
"version_affected": "\u003c",
"version_name": "20.12",
"version_value": "update 1"
},
{
"version_affected": "!\u003e=",
"version_name": "20.12",
"version_value": "update 1"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "This issue impacts only Prisma Cloud Compute configurations that use SAML authentication."
}
],
"credit": [
{
"lang": "eng",
"value": "This issue was found by Palo Alto Networks during internal security review."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized user. This issue impacts: All versions of Prisma Cloud Compute 19.11, Prisma Cloud Compute 20.04, and Prisma Cloud Compute 20.09; Prisma Cloud Compute 20.12 before update 1. Prisma Cloud Compute SaaS version is not impacted by this vulnerability."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347 Improper Verification of Cryptographic Signature"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2021-3033",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2021-3033"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Prisma Cloud Compute 20.12 update 1 and all later versions."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2021-02-10T00:00:00",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "en",
"value": "You can mitigate the impact of this issue by disabling SAML authentication in the Prisma Cloud Compute configuration"
}
],
"x_affectedList": [
"Prisma Cloud Compute 20.12",
"Prisma Cloud Compute 20.09",
"Prisma Cloud Compute 20.04",
"Prisma Cloud Compute 19.11"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2021-3033",
"datePublished": "2021-02-10T17:35:13.982321Z",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-09-17T03:14:39.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5906 (GCVE-0-2024-5906)
Vulnerability from nvd – Published: 2024-06-12 16:22 – Updated: 2024-08-01 21:25
VLAI?
Summary
A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to perform actions in the context of another user's browser when accessed by that other user.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Prisma Cloud Compute |
Affected:
32 , < 32.05 (O’Neal - Update 5)
(custom)
|
Credits
Palo Alto Networks thanks Tomasz Stachowicz for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:paloaltonetworks:prisma_cloud:*:*:*:*:compute:*:*:*"
],
"defaultStatus": "unknown",
"product": "prisma_cloud",
"vendor": "paloaltonetworks",
"versions": [
{
"lessThan": "32.05",
"status": "affected",
"version": "32",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:paloaltonetworks:prisma_cloud:*:*:*:*:compute:*:*:*"
],
"defaultStatus": "unknown",
"product": "prisma_cloud",
"vendor": "paloaltonetworks",
"versions": [
{
"lessThanOrEqual": "32.05",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5906",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T18:11:55.656236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T18:17:47.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5906"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Prisma Cloud Compute",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "32.05 (O\u2019Neal - Update 5)",
"status": "unaffected"
}
],
"lessThan": "32.05 (O\u2019Neal - Update 5)",
"status": "affected",
"version": "32",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Palo Alto Networks thanks Tomasz Stachowicz for discovering and reporting this issue."
}
],
"datePublic": "2024-06-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to perform actions in the context of another user\u0027s browser when accessed by that other user.\u003c/p\u003e"
}
],
"value": "A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to perform actions in the context of another user\u0027s browser when accessed by that other user."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T16:22:38.881Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5906"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis issue is fixed in Prisma Cloud Compute 32.05 (O\u0027Neal - Update 5) and all later versions.\u003c/p\u003e"
}
],
"value": "This issue is fixed in Prisma Cloud Compute 32.05 (O\u0027Neal - Update 5) and all later versions."
}
],
"source": {
"defect": [
"CWP-56273"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"x_legacyV4Record": {
"CNA_private": {
"Priority": "normal",
"STATE": "review",
"TYPE": "advisory",
"affectsSummary": {
"affected": [
"\u003c 32.05 (O\u2019Neal - Update 5)"
],
"appliesTo": [
"Prisma Cloud Compute 32"
],
"product_versions": [
"Prisma Cloud Compute 32"
],
"unaffected": [
"\u003e= 32.05 (O\u2019Neal - Update 5)"
],
"unknown": [
""
]
},
"owner": "abaishya",
"publish": {
"month": "06",
"year": "2024",
"ym": "2024-06"
},
"share_with_CVE": true,
"show_cvss": true
},
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2024-06-12T16:00:00.000Z",
"ID": "CVE-2023-case-CWP-56273",
"STATE": "PUBLIC",
"TITLE": "Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Prisma Cloud Compute",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "32",
"version_value": "32.05 (O\u2019Neal - Update 5)"
},
{
"version_affected": "!\u003e=",
"version_name": "32",
"version_value": "32.05 (O\u2019Neal - Update 5)"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Tomasz Stachowicz and Declap Harp for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to perform actions in the context of another user\u0027s browser when accessed by that other user."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"impact": {
"cvss": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2023-case-CWP-56273"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Prisma Cloud Compute 32.05 (O\u0027Neal - Update 5) and all later versions."
}
],
"source": {
"defect": [
"CWP-56273"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-12T00:00:00",
"value": "Initial publication"
}
],
"x_advisoryEoL": false
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-5906",
"datePublished": "2024-06-12T16:22:38.881Z",
"dateReserved": "2024-06-12T15:27:55.088Z",
"dateUpdated": "2024-08-01T21:25:03.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3043 (GCVE-0-2021-3043)
Vulnerability from nvd – Published: 2021-07-15 16:45 – Updated: 2024-09-17 01:21
VLAI?
Summary
A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. No additional action is required for these instances. This issue impacts: Prisma Cloud Compute 20.12 versions earlier than Prisma Cloud Compute 20.12.552; Prisma Cloud Compute 21.04 versions earlier than Prisma Cloud Compute 21.04.439.
Severity ?
7.5 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Prisma Cloud Compute |
Affected:
21.04 , < 21.04.439
(custom)
Affected: 20.12 , < 20.12.552 (custom) |
Credits
This issue was found during an internal security review.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:45:51.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2021-3043"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Prisma Cloud Compute",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "21.04.439",
"status": "unaffected"
}
],
"lessThan": "21.04.439",
"status": "affected",
"version": "21.04",
"versionType": "custom"
},
{
"changes": [
{
"at": "20.12.552",
"status": "unaffected"
}
],
"lessThan": "20.12.552",
"status": "affected",
"version": "20.12",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was found during an internal security review."
}
],
"datePublic": "2021-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. No additional action is required for these instances. This issue impacts: Prisma Cloud Compute 20.12 versions earlier than Prisma Cloud Compute 20.12.552; Prisma Cloud Compute 21.04 versions earlier than Prisma Cloud Compute 21.04.439."
}
],
"exploits": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-15T16:45:13",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2021-3043"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in Prisma Cloud Compute 20.12.552, Prisma Cloud Compute 21.04.439, and all later Prisma Cloud Compute versions."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2021-07-14T00:00:00",
"value": "Initial publication"
}
],
"title": "Prisma Cloud: Cross-Site Scripting (XSS) Vulnerability in Prisma Cloud Compute Web Console",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2021-07-14T16:00:00.000Z",
"ID": "CVE-2021-3043",
"STATE": "PUBLIC",
"TITLE": "Prisma Cloud: Cross-Site Scripting (XSS) Vulnerability in Prisma Cloud Compute Web Console"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Prisma Cloud Compute",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "21.04",
"version_value": "21.04.439"
},
{
"version_affected": "!\u003e=",
"version_name": "21.04",
"version_value": "21.04.439"
},
{
"version_affected": "\u003c",
"version_name": "20.12",
"version_value": "20.12.552"
},
{
"version_affected": "!\u003e=",
"version_name": "20.12",
"version_value": "20.12.552"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was found during an internal security review."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. No additional action is required for these instances. This issue impacts: Prisma Cloud Compute 20.12 versions earlier than Prisma Cloud Compute 20.12.552; Prisma Cloud Compute 21.04 versions earlier than Prisma Cloud Compute 21.04.439."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2021-3043",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2021-3043"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Prisma Cloud Compute 20.12.552, Prisma Cloud Compute 21.04.439, and all later Prisma Cloud Compute versions."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2021-07-14T00:00:00",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_advisoryEoL": false,
"x_affectedList": [
"Prisma Cloud Compute 21.04",
"Prisma Cloud Compute 20.12"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2021-3043",
"datePublished": "2021-07-15T16:45:13.845939Z",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-09-17T01:21:53.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3039 (GCVE-0-2021-3039)
Vulnerability from nvd – Published: 2021-06-10 12:33 – Updated: 2024-09-17 01:50
VLAI?
Summary
An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412.
Severity ?
CWE
- CWE-532 - Information Exposure Through Log Files
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Prisma Cloud Compute |
Affected:
20.04 , < 21.04.412
(custom)
|
Credits
Palo Alto Networks thanks Jakub Palaczynski for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:45:51.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2021-3039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Prisma Cloud Compute",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "21.04.412",
"status": "unaffected"
}
],
"lessThan": "21.04.412",
"status": "affected",
"version": "20.04",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Jakub Palaczynski for discovering and reporting this issue."
}
],
"datePublic": "2021-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412."
}
],
"exploits": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-10T12:33:06",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2021-3039"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in Prisma Cloud Compute 21.04.412 and all later versions."
}
],
"source": {
"defect": [
"TL-28359"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2021-06-09T00:00:00",
"value": "Initial publication"
}
],
"title": "Prisma Cloud Compute: User role authorization secret for Console leaked through log file export",
"workarounds": [
{
"lang": "en",
"value": "Operator role and Auditor role users can be temporarily disabled in the Prisma Cloud Compute Console until Prisma Cloud Compute is upgraded to a fixed version."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2021-06-09T16:00:00.000Z",
"ID": "CVE-2021-3039",
"STATE": "PUBLIC",
"TITLE": "Prisma Cloud Compute: User role authorization secret for Console leaked through log file export"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Prisma Cloud Compute",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "20.04",
"version_value": "21.04.412"
},
{
"version_affected": "!\u003e=",
"version_name": "20.04",
"version_value": "21.04.412"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Jakub Palaczynski for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2021-3039",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2021-3039"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Prisma Cloud Compute 21.04.412 and all later versions."
}
],
"source": {
"defect": [
"TL-28359"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2021-06-09T00:00:00",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "en",
"value": "Operator role and Auditor role users can be temporarily disabled in the Prisma Cloud Compute Console until Prisma Cloud Compute is upgraded to a fixed version."
}
],
"x_affectedList": [
"Prisma Cloud Compute 20.04"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2021-3039",
"datePublished": "2021-06-10T12:33:06.234748Z",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-09-17T01:50:54.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3033 (GCVE-0-2021-3033)
Vulnerability from nvd – Published: 2021-02-10 17:35 – Updated: 2024-09-17 03:14
VLAI?
Summary
An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized user. This issue impacts: All versions of Prisma Cloud Compute 19.11, Prisma Cloud Compute 20.04, and Prisma Cloud Compute 20.09; Prisma Cloud Compute 20.12 before update 1. Prisma Cloud Compute SaaS version is not impacted by this vulnerability.
Severity ?
9.1 (Critical)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Prisma Cloud Compute |
Affected:
19.11 , ≤ update 2
(custom)
Affected: 20.04 , ≤ update 2 (custom) Affected: 20.09 , ≤ update 2 (custom) Affected: 20.12 , < update 1 (custom) |
Credits
This issue was found by Palo Alto Networks during internal security review.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:45:50.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2021-3033"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Prisma Cloud Compute",
"vendor": "Palo Alto Networks",
"versions": [
{
"lessThanOrEqual": "update 2",
"status": "affected",
"version": "19.11",
"versionType": "custom"
},
{
"lessThanOrEqual": "update 2",
"status": "affected",
"version": "20.04",
"versionType": "custom"
},
{
"lessThanOrEqual": "update 2",
"status": "affected",
"version": "20.09",
"versionType": "custom"
},
{
"changes": [
{
"at": "update 1",
"status": "unaffected"
}
],
"lessThan": "update 1",
"status": "affected",
"version": "20.12",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This issue impacts only Prisma Cloud Compute configurations that use SAML authentication."
}
],
"credits": [
{
"lang": "en",
"value": "This issue was found by Palo Alto Networks during internal security review."
}
],
"datePublic": "2021-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized user. This issue impacts: All versions of Prisma Cloud Compute 19.11, Prisma Cloud Compute 20.04, and Prisma Cloud Compute 20.09; Prisma Cloud Compute 20.12 before update 1. Prisma Cloud Compute SaaS version is not impacted by this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-10T17:35:13",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2021-3033"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in Prisma Cloud Compute 20.12 update 1 and all later versions."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2021-02-10T00:00:00",
"value": "Initial publication"
}
],
"title": "Prisma Cloud Compute: SAML Authentication Bypass Vulnerability in Console",
"workarounds": [
{
"lang": "en",
"value": "You can mitigate the impact of this issue by disabling SAML authentication in the Prisma Cloud Compute configuration"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2021-02-10T17:00:00.000Z",
"ID": "CVE-2021-3033",
"STATE": "PUBLIC",
"TITLE": "Prisma Cloud Compute: SAML Authentication Bypass Vulnerability in Console"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Prisma Cloud Compute",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "19.11",
"version_value": "update 2"
},
{
"version_affected": "\u003c=",
"version_name": "20.04",
"version_value": "update 2"
},
{
"version_affected": "\u003c=",
"version_name": "20.09",
"version_value": "update 2"
},
{
"version_affected": "\u003c",
"version_name": "20.12",
"version_value": "update 1"
},
{
"version_affected": "!\u003e=",
"version_name": "20.12",
"version_value": "update 1"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "This issue impacts only Prisma Cloud Compute configurations that use SAML authentication."
}
],
"credit": [
{
"lang": "eng",
"value": "This issue was found by Palo Alto Networks during internal security review."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized user. This issue impacts: All versions of Prisma Cloud Compute 19.11, Prisma Cloud Compute 20.04, and Prisma Cloud Compute 20.09; Prisma Cloud Compute 20.12 before update 1. Prisma Cloud Compute SaaS version is not impacted by this vulnerability."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347 Improper Verification of Cryptographic Signature"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2021-3033",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2021-3033"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Prisma Cloud Compute 20.12 update 1 and all later versions."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2021-02-10T00:00:00",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "en",
"value": "You can mitigate the impact of this issue by disabling SAML authentication in the Prisma Cloud Compute configuration"
}
],
"x_affectedList": [
"Prisma Cloud Compute 20.12",
"Prisma Cloud Compute 20.09",
"Prisma Cloud Compute 20.04",
"Prisma Cloud Compute 19.11"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2021-3033",
"datePublished": "2021-02-10T17:35:13.982321Z",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-09-17T03:14:39.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}