Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-3039

An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412.

Published

2021-06-10T13:15:08.267

Last Modified

2024-11-21T06:20:49.050

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.8 (LOW)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

4.9

Weaknesses

Type: Secondary
CWE-532
Type: Primary
CWE-532

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	paloaltonetworks	prisma_cloud	< 21.04.412	Yes

References

https://security.paloaltonetworks.com/CVE-2021-3039 Vendor Advisory ([email protected])
https://security.paloaltonetworks.com/CVE-2021-3039 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)