How severe is CVE-2021-3055?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2021-3055?

This is classified as CWE-611, which is a common weakness in software security.

CVE-2021-3055 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system and send a specifically crafted request to the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10; PAN-OS 10.0 versions earlier than PAN-OS 10.0.6. This issue does not affect Prisma Access.

Related Vulnerabilities

CVE-2011-4107

MEDIUM

CVSS:6.5(Medium)

The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary...

CWE-6112011

CVE-2012-0037

MEDIUM

CVSS:6.5(Medium)

Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read ...

CWE-6112012

CVE-2012-3489

MEDIUM

CVSS:6.5(Medium)

The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users ...

CWE-6112012

CVE-2014-3599

MEDIUM

CVSS:6.5(Medium)

HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy

CWE-6112014

CVE-2015-0194

MEDIUM

CVSS:6.5(Medium)

XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data.

CWE-6112015

CVE-2015-7743

MEDIUM

CVSS:6.5(Medium)

XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses ...

CWE-6112015