William Wirahasbianto

**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks Twistlock versions 19.07.358 and earlier **Description** The issue is related to insufficient access control in the Palo Alto Networks Twistlock complex for cloud services and platform protection. It allows a remote attacker to escalate privileges. Active interaction with an affected component is required for the payload to execute on the victim. A Twistlock user with Operator capabilities can escalate privileges to those of another user. **Recommendations** For versions 19.07.358 and earlier, consider restricting access to the Twistlock console to minimize the risk of exploitation until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.