Vulnerabilities > Paloaltonetworks

DATE CVE VULNERABILITY TITLE RISK
2021-07-15 CVE-2021-3042 Uncontrolled Search Path Element vulnerability in Paloaltonetworks Cortex XDR Agent 6.1/7.2/7.3
A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges.
local
low complexity
paloaltonetworks CWE-427
7.2
2021-07-15 CVE-2021-3043 Cross-Site Scripting vulnerability in Paloaltonetworks Prisma Cloud 20.12
A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface.
3.5
2021-06-22 CVE-2021-3044 Incorrect Authorization vulnerability in Paloaltonetworks Cortex XSOAR 6.1.0/6.2.0
An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API.
network
low complexity
paloaltonetworks CWE-863
7.5
2021-06-10 CVE-2021-3039 Information Exposure Through Log Files vulnerability in Paloaltonetworks Prisma Cloud
An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file.
network
low complexity
paloaltonetworks CWE-532
5.5
2021-06-10 CVE-2021-3040 Deserialization of Untrusted Data vulnerability in Paloaltonetworks Bridgecrew Checkov
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious Terraform file.
network
low complexity
paloaltonetworks CWE-502
6.5
2021-06-10 CVE-2021-3041 Uncontrolled Search Path Element vulnerability in Paloaltonetworks Cortex XDR Agent
A local privilege escalation vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges.
local
low complexity
paloaltonetworks CWE-427
7.2
2021-04-20 CVE-2021-3038 Improper Input Validation vulnerability in Paloaltonetworks GlobalProtect 5.1.0/5.1.2/5.1.4
A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error.
local
low complexity
paloaltonetworks CWE-20
4.9
2021-04-20 CVE-2021-3037 Information Exposure Through Log Files vulnerability in Paloaltonetworks PAN-OS
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs.
local
low complexity
paloaltonetworks CWE-532
2.1
2021-04-20 CVE-2021-3036 Information Exposure Through Log Files vulnerability in Paloaltonetworks PAN-OS
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly.
local
low complexity
paloaltonetworks CWE-532
2.1
2021-04-20 CVE-2021-3035 Deserialization of Untrusted Data vulnerability in Paloaltonetworks Bridgecrew Checkov
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious Terraform file.
network
low complexity
paloaltonetworks CWE-502
6.5