Paloalto Prisma Cloud Compute vulnerabilities

10 known vulnerabilities affecting paloalto/prisma_cloud_compute.

Total CVEs: 10
CISA KEV: 4 (actively exploited)
Public exploits: 5
Exploited in wild: 4
Severity breakdown: CRITICAL 4, HIGH 3, MEDIUM 2, LOW 1

Vulnerabilities

CVE-2024-47076 | HIGH | CVSS 8.6 | 2024-09-26 | paloalto
CWE-78. Informational: No Impact of CUPS Vulnerabilities on Palo Alto Networks Products
The Palo Alto Networks Product Security Assurance team has evaluated CVE-2024-47076, CVE-2024-47177, CVE-2024-47175, and CVE-2024-47176 in the Common UNIX Printing System (CUPS) as they relate to our products. Based on current information, Palo Alto Networks products and cloud services do not contain affecte
CVE-2024-5906 | MEDIUM | CVSS 4.8 | 2024-06-12 | paloalto
CWE-79. Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious admin
CVE-2024-3094 | CRITICAL | CVSS 10.0 | PoC | 2024-04-01 | paloalto
CWE-506. Informational: Impact of Malicious Code in XZ Tools and Libraries (CVE-2024-3094)
The Palo Alto Networks Product Security Assurance team has evaluated the supply chain compromise impacting versions 5.6.0 and 5.6.1 of XZ tools and libraries. These versions of the software may allow unauthorized access to affected systems. Based on the information presently known, Palo Alto Networks
CVE-2023-44487 | HIGH | CVSS 7.5 | KEV | PoC | 2023-10-11 | paloalto
CWE-400. Impact of Rapid Reset and HTTP/2 DoS Vulnerabilities (CVE-2023-44487, CVE-2023-35945)
The Palo Alto Networks Product Security Assurance team is evaluating the recently disclosed denial-of-service (DoS) vulnerabilities in the HTTP/2 protocol including Rapid Reset (CVE-2023-44487) and CVE-2023-35945. If HTTP/2 inspection is enabled in PAN-OS, an ongoing distributed denial-of-servic
CVE-2022-22963 | CRITICAL | CVSS 9.8 | KEV | PoC | 2022-03-31 | paloalto
CWE-497. Informational: Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2022-22965
The Palo Alto Networks Product Security Assurance team has completed its evaluation of the Spring Cloud Function vulnerability CVE-2022-22963 and Spring Core vulnerability CVE-2022-22965 for all products and services. All Palo Alto Networks cloud services with possible impact have been mitigated and
CVE-2021-44228 | CRITICAL | CVSS 10.0 | KEV | PoC | 2021-12-10 | paloalto
CWE-94. Impact of Log4j Vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832
Apache Log4j Java library is vulnerable to a remote code execution vulnerability CVE-2021-44228, known as Log4Shell, and related vulnerabilities CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832. Log4Shell allows remote unauthenticated attackers with the ability to i
CVE-2021-3043 | MEDIUM | CVSS 4.8 | 2021-07-14 | paloalto
CWE-79. Prisma Cloud: Cross-Site Scripting (XSS) Vulnerability in Prisma Cloud Compute Web Console
A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Comput
CVE-2021-3039 | LOW | CVSS 3.8 | 2021-06-09 | paloalto
CWE-532. Prisma Cloud Compute: User role authorization secret for Console leaked through log file export
An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access
CVE-2021-3033 | CRITICAL | CVSS 9.8 | 2021-02-10 | paloalto
CWE-347. Prisma Cloud Compute: SAML Authentication Bypass Vulnerability in Console
An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized user. Affected products
CVE-2021-3156 | HIGH | CVSS 7.8 | KEV | PoC | 2021-02-10 | paloalto
Informational: Impact of Sudo Vulnerability CVE-2021-3156
Palo Alto Networks Product Security Assurance team has evaluated the Sudo software vulnerability CVE-2021-3156. PAN-OS software, Prisma Cloud compute, and Prisma SD-WAN (CloudGenix) devices do not include the Sudo program and, therefore, no scenarios required for successful exploitation exist in these Palo Alto Networks products. Affected products: PAN-OS, P