Lucene search
K

76 matches found

NVD
NVD
added 2021/04/20 4:15 a.m.28 views

CVE-2021-3035

An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.26. Checkov 1.0 versions are not impacted...

7.2CVSS0.01295EPSS
Exploits0References1
OSV
OSV
added 2021/04/20 4:15 a.m.25 views

CVE-2021-3035

An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.26. Checkov 1.0 versions are not impacted...

7.2CVSS7.7AI score0.01295EPSS
Exploits0References1
Prion
Prion
added 2021/04/20 4:15 a.m.21 views

Deserialization of untrusted data

An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.26. Checkov 1.0 versions are not impacted...

6.5CVSS7.2AI score0.01295EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/04/20 3:15 a.m.91 views

CVE-2021-3035

Bridgecrew Checkov (CVE-2021-3035) is affected by an unsafe deserialization vulnerability that enables arbitrary code execution when processing a malicious Terraform file. The issue impacts Checkov 2.0 releases earlier than 2.0.26; Checkov 1.0 is not affected. Root cause is unsafe/deserialization...

7.2CVSS7.1AI score0.01295EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/04/20 3:15 a.m.32 views

CVE-2021-3035 Bridgecrew Checkov: Unsafe deserialization of Terraform files allows code execution

An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.26. Checkov 1.0 versions are not impacted...

6.7CVSS7.5AI score0.01295EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/04/14 4:0 p.m.2 views

CVE-2021-3035

An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.26. Checkov 1.0 versions are not impacted...

7.2CVSS7.7AI score0.01295EPSS
Exploits0References2Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2021/04/14 4:0 p.m.55 views

Bridgecrew Checkov: Unsafe deserialization of Terraform files allows code execution

An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.26. Checkov 1.0 versions are not impacted. Work around: Do not run Checkov on...

7.2CVSS6AI score0.01295EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2021/03/04 12:0 a.m.7 views

The vulnerability in the web console of the Prisma Cloud Compute security platform allows a hacker to bypass existing security restrictions.

The vulnerability of the web console of the Prisma Cloud Compute security platform is related to errors in verifying the cryptographic signature. Exploiting this vulnerability could allow a malicious actor to circumvent existing security restrictions remotely...

10CVSS7.7AI score0.01211EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2021/02/10 6:15 p.m.17 views

CVE-2021-3033

An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized use...

9.8CVSS0.01211EPSS
Exploits0References1
OSV
OSV
added 2021/02/10 6:15 p.m.6 views

CVE-2021-3033

An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized use...

9.8CVSS7.3AI score0.01211EPSS
Exploits0References1
Prion
Prion
added 2021/02/10 6:15 p.m.12 views

Design/Logic Flaw

An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized use...

7.5CVSS9.5AI score0.01211EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/02/10 5:35 p.m.60 views

CVE-2021-3033

CVE-2021-3033 describes an improper verification of cryptographic signature in Palo Alto Networks Prisma Cloud Compute console that allows bypassing signature validation during SAML authentication, enabling login as any authorized user. Affected on-prem Prisma Cloud Compute versions 19.11, 20.04,...

9.8CVSS9.7AI score0.01211EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/02/10 5:35 p.m.29 views

CVE-2021-3033 Prisma Cloud Compute: SAML Authentication Bypass Vulnerability in Console

An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized use...

9.1CVSS9.8AI score0.01211EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
added 2021/02/10 5:0 p.m.153 views

Informational: Impact of Sudo Vulnerability CVE-2021-3156

Palo Alto Networks Product Security Assurance team has evaluated the Sudo software vulnerability CVE-2021-3156. PAN-OS software, Prisma Cloud compute, and Prisma SD-WAN CloudGenix devices do not include the Sudo program and, therefore, no scenarios required for successful exploitation exist in...

7.8CVSS8AI score0.99295EPSS
Exploits81References2
Palo Alto Networks
Palo Alto Networks
added 2021/02/10 5:0 p.m.58 views

Prisma Cloud Compute: SAML Authentication Bypass Vulnerability in Console

An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized use...

9.8CVSS2.8AI score0.01211EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/02/10 12:0 a.m.11 views

Prisma Cloud Compute Data Forgery Issue Vulnerability

A data forgery issue vulnerability exists in Prisma Cloud Compute that arises from a network system or product that does not adequately validate the origin or authenticity of data. An attacker could exploit the falsified data to conduct an attack...

9.8CVSS7.3AI score0.01211EPSS
Exploits0References2
Rows per page
Query Builder