Vulnerabilities > Paloaltonetworks
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-08 | CVE-2021-3051 | Improper Verification of Cryptographic Signature vulnerability in Paloaltonetworks Cortex Xsoar: An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. | 6.8 |
2021-09-08 | CVE-2021-3052 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os: A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in the PAN-OS web interface as the targeted authenticated administrator. | 3.5 |
2021-09-08 | CVE-2021-3053 | Improper Handling of Exceptional Conditions vulnerability in Paloaltonetworks Pan-Os: An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash. | 7.1 |
2021-09-08 | CVE-2021-3054 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Paloaltonetworks Pan-Os: A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges. | 8.5 |
2021-09-08 | CVE-2021-3055 | XXE vulnerability in Paloaltonetworks Pan-Os: An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system and send a specifically crafted request to the firewall that causes the service to crash. | 7.5 |
2021-07-15 | CVE-2021-3042 | Uncontrolled Search Path Element vulnerability in Paloaltonetworks Cortex XDR Agent 6.1/7.2/7.3: A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. | 7.2 |
2021-07-15 | CVE-2021-3043 | Cross-site Scripting vulnerability in Paloaltonetworks Prisma Cloud 20.12: A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. | 3.5 |
2021-06-22 | CVE-2021-3044 | Unspecified vulnerability in Paloaltonetworks Cortex Xsoar 6.1.0/6.2.0: An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. | 7.5 |
2021-06-10 | CVE-2021-3039 | Information Exposure Through Log Files vulnerability in Paloaltonetworks Prisma Cloud: An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. | 5.5 |
2021-06-10 | CVE-2021-3040 | Deserialization of Untrusted Data vulnerability in Paloaltonetworks Bridgecrew Checkov: An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. | 6.5 |