Paloalto Cortex Xpanse vulnerabilities

CVE-2024-9474 [CRITICAL] CWE-306 PAN-SA-2024-0015 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) PAN-SA-2024-0015 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit ot

CVE-2023-34362 [CRITICAL] PAN-SA-2023-0003 Informational Bulletin: Impact of MOVEit Vulnerabilities (CVE-2023-34362, CVE-2023-35036, CVE-2023-35708) PAN-SA-2023-0003 Informational Bulletin: Impact of MOVEit Vulnerabilities (CVE-2023-34362, CVE-2023-35036, CVE-2023-35708) The Palo Alto Networks Product Security Assurance team has evaluated the recently disclosed critical Structured Query Language injection (SQLi) vulnerabilities (CVE-2023-34362, CVE-2023-35036, CVE-2023-35708) in the MOVEit Tran

CVE-2023-0286 [MEDIUM] PAN-SA-2023-0001 Impact of OpenSSL Vulnerabilities Disclosed Feb 7, 2023 PAN-SA-2023-0001 Impact of OpenSSL Vulnerabilities Disclosed Feb 7, 2023 The Palo Alto Networks Product Security Assurance team has evaluated the OpenSSL vulnerabilities that were disclosed on February 7, 2023 (CVE-2023-0286, CVE-2022-4304, CVE-2022-4203, CVE-2023-0215, CVE-2022-4450, CVE-2023-0216, CVE-2023-0217, and CVE-2023-0401) as it relates to our products. At this time, there are no demonstrat

CVE-2022-3996 [HIGH] CWE-667 PAN-SA-2022-0007 Impact of OpenSSL 3.0 Vulnerability CVE-2022-3996 PAN-SA-2022-0007 Impact of OpenSSL 3.0 Vulnerability CVE-2022-3996 The OpenSSL Project has published a vulnerability CVE-2022-3996 that affects OpenSSL versions 3.0.0 through 3.0.7 on December 13, 2022. CVEs: CVE-2022-3996 Affected products: Cortex Data, Cortex XDR, Cortex XSOAR, Cortex Xpanse, GlobalProtect, PAN-OS, Prisma Access, Prisma Cloud, Prisma SD

CVE-2022-42889 [CRITICAL] CWE-94 CVE-2022-42889 Impact of Apache Text Commons Vulnerability CVE-2022-42889 CVE-2022-42889 Impact of Apache Text Commons Vulnerability CVE-2022-42889 Palo Alto Networks has evaluated the Apache Commons Text library vulnerability CVE-2022-42889, known as Text4Shell, for all products and services. The Palo Alto Networks Product Security Assurance team has confirmed that all products and services are not impacted by this vulnerability. CVE Summary CVE-2022-42889 Apac

CVE-2022-3786 [HIGH] PAN-SA-2022-0006 Impact of OpenSSL 3.0 Vulnerabilities CVE-2022-3786 and CVE-2022-3602 PAN-SA-2022-0006 Impact of OpenSSL 3.0 Vulnerabilities CVE-2022-3786 and CVE-2022-3602 The OpenSSL Project has published two high CVEs: CVE-2022-3602, CVE-2022-3786 Affected products: Cortex Data, Cortex XDR, Cortex XSOAR, Cortex Xpanse, GlobalProtect, PAN-OS, Prisma Access, Prisma Cloud, Prisma SD

CVE-2022-22963 [CRITICAL] CWE-497 Informational: Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2022-22965 Informational: Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2022-22965 The Palo Alto Networks Product Security Assurance team has completed its evaluation of the Spring Cloud Function vulnerability CVE-2022-22963 and Spring Core vulnerability CVE-2022-22965 for all products and services. All Palo Alto Networks cloud services with possible impact have been mitigated and

CVE-2021-44228 [CRITICAL] CWE-94 Impact of Log4j Vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832 Impact of Log4j Vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832 Apache Log4j Java library is vulnerable to a remote code execution vulnerability CVE-2021-44228, known as Log4Shell, and related vulnerabilities CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832. Log4Shell allows remote unauthenticated attackers with the ability to i