Palo Alto Networks Prisma Cloud Compute vulnerabilities

4 known vulnerabilities affecting palo_alto_networks/prisma_cloud_compute.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM2LOW1

Vulnerabilities

Page 1 of 1
CVE-2024-5906MEDIUMCVSS 4.8≥ 32, < 32.05 (O’Neal - Update 5)2024-06-12
CVE-2024-5906 [MEDIUM] CWE-79 CVE-2024-5906: A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enabl A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to perform actions in the context of another user's browse
cvelistv5nvd
CVE-2021-3043MEDIUMCVSS 4.8≥ 21.04, < 21.04.439≥ 20.12, < 20.12.5522021-07-15
CVE-2021-3043 [MEDIUM] CWE-79 CVE-2021-3043: A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. No
cvelistv5nvd
CVE-2021-3039LOWCVSS 3.8≥ 20.04, < 21.04.4122021-06-10
CVE-2021-3039 [LOW] CWE-532 CVE-2021-3039: An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access
cvelistv5nvd
CVE-2021-3033CRITICALCVSS 9.8≥ 19.11, ≤ update 2≥ 20.04, ≤ update 2+2 more2021-02-10
CVE-2021-3033 [CRITICAL] CWE-347 CVE-2021-3033: An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks P An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized user. This issue impacts: All versions of Prisma Cloud Co
cvelistv5nvd