CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8689 – ActiveMQ Content Pack: Cleartext Exposure of Credentials
https://notcve.org/view.php?id=CVE-2024-8689
A problem with the ActiveMQ integration for both Cortex XSOAR and Cortex XSIAM can result in the cleartext exposure of the configured ActiveMQ credentials in log bundles. • https://security.paloaltonetworks.com/CVE-2024-8689 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-8688 – PAN-OS: Arbitrary File Read Vulnerability in the Command Line Interface (CLI)
https://notcve.org/view.php?id=CVE-2024-8688
An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access to the CLI to to read arbitrary files on the firewall. • https://security.paloaltonetworks.com/CVE-2024-8688 • CWE-155: Improper Neutralization of Wildcards or Matching Symbols •
CVSS: 6.9EPSS: 0%CPEs: 12EXPL: 0CVE-2024-8687 – PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes
https://notcve.org/view.php?id=CVE-2024-8687
An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so. • https://security.paloaltonetworks.com/CVE-2024-8687 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8686 – PAN-OS: Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-8686
A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall. • https://security.paloaltonetworks.com/CVE-2024-8686 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5916 – PAN-OS: Cleartext Exposure of External System Secrets
https://notcve.org/view.php?id=CVE-2024-5916
An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log, can read secrets, passwords, and tokens to external systems. • https://security.paloaltonetworks.com/CVE-2024-5916 • CWE-313: Cleartext Storage in a File or on Disk •