PT-2021-18729 · Palo Alto Networks · Prisma Cloud Compute

Published

2021-07-15

Updated

2021-07-27

CVE-2021-3043

CVSS v3.1

7.5

High

Vector

AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Prisma Cloud Compute versions prior to 20.12.552 Prisma Cloud Compute versions prior to 21.04.439

Description A reflected cross-site scripting (XSS) issue exists in the Prisma Cloud Compute web console, allowing a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface.

Recommendations For Prisma Cloud Compute versions prior to 20.12.552, update to version 20.12.552 or later. For Prisma Cloud Compute versions prior to 21.04.439, update to version 21.04.439 or later. No additional action is required for Prisma Cloud Compute SaaS versions, as they were automatically upgraded to the fixed release.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-3043

Affected Products

Prisma Cloud Compute

PT-2021-18729 · Palo Alto Networks · Prisma Cloud Compute

CVE-2021-3043

Weakness Enumeration

Related Identifiers

Affected Products

References · 4