PT-2023-29444 · 1E · 1E Platform Saas +1

Name of the Vulnerable Software and Affected Versions: 1E Platform versions 8.1.2 through 9.0.1 1E Platform SaaS versions prior to 23.7.1 Description: The issue is a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this...

Cross site scripting

A reflected cross-site scripting XSS vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Compute SaaS versio...

CVE-2021-3039 Prisma Cloud Compute: User role authorization secret for Console leaked through log file export

An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log...