Vulnerabilities > Paloaltonetworks > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-10 | CVE-2022-0018 | Information Exposure vulnerability in Paloaltonetworks Globalprotect An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On feature is enabled in the GlobalProtect portal configuration. | 6.5 |
| 2022-02-10 | CVE-2022-0019 | Insufficiently Protected Credentials vulnerability in Paloaltonetworks Globalprotect An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. | 5.5 |
| 2022-02-10 | CVE-2022-0020 | Cross-site Scripting vulnerability in Paloaltonetworks Cortex Xsoar 6.1.0/6.2.0 A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. | 5.4 |
| 2022-02-10 | CVE-2022-0021 | Information Exposure Through Log Files vulnerability in Paloaltonetworks Globalprotect An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. | 5.5 |
| 2022-01-12 | CVE-2022-0013 | Information Exposure vulnerability in Paloaltonetworks Cortex XDR Agent A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges when generating a support file. | 5.5 |
| 2021-09-08 | CVE-2021-3049 | Unspecified vulnerability in Paloaltonetworks Cortex Xsoar 5.5.0/6.1.0 An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of. | 4.3 |
| 2021-09-08 | CVE-2021-3052 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Network PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in the PAN-OS web interface as the targeted authenticated administrator. | 5.4 |
| 2021-09-08 | CVE-2021-3054 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Paloaltonetworks Pan-Os A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges. | 6.6 |
| 2021-09-08 | CVE-2021-3055 | XXE vulnerability in Paloaltonetworks Pan-Os An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system and send a specifically crafted request to the firewall that causes the service to crash. | 6.5 |
| 2021-08-11 | CVE-2021-3045 | Argument Injection or Modification vulnerability in Paloaltonetworks Pan-Os An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. | 4.9 |