BugZero | Palo Alto Networks BugID PAN-154114 - A fix was made to address a vulnerability related ...

Palo Alto Networks - Defect ID: PAN-154114

A fix was made to address a vulnerability related to information exposure through log files in PAN-OS where secrets in PAN-OS XML API requests were logged in cleartext in the web server logs when the API was used incorrectly ( CVE-2021-3036 ).

Palo Alto Networks - Defect ID: PAN-154114

A fix was made to address a vulnerability related to information exposure through log files in PAN-OS where secrets in PAN-OS XML API requests were logged in cleartext in the web server logs when the API was used incorrectly ( CVE-2021-3036 ).

Last updated on Invalid date

BugZero Risk Score
6.3 Medium

Overall: 6.3

Severity: 6.4

Community: 3.7

Lifecycle: 10.0

What is the BugZero Risk Score?

Palo Alto Networks Integration

Learn more about where this data comes from

Palo Alto Networks Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Views: 1

Description

The earliest recollection of this bug is traced back to PAN-OS 8.1.19 - July 22, 2025. This bug is fixed in PAN-OS versions 9.1.6, 8.1.19. A fix was made to address a vulnerability related to information exposure through log files in PAN-OS where secrets in PAN-OS XML API requests were logged in cleartext in the web server logs when the API was used incorrectly ( CVE-2021-3036 ). For more information: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-release-notes/pan-os-8-1-addressed-issues/pan-os-8-1-19-addressed-issues https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-release-notes/pan-os-9-1-addressed-issues/pan-os-9-1-6-addressed-issues

Change history

No changes to display

Top Palo Alto Networks Defects

6.3Defect ID: PAN-214430
Fixed an issue where some commands did not have executable permissions.
6.3Defect ID: PAN-298460
( Panorama appliances in HA configurations on Microsoft Azure environments only ) Fixed an issue on the web interface where the plugin versions that were displayed when hovering the cursor over the Green Match icon were inconsistent even though the Panorama web interface reported the versions as matching.
6.3Defect ID: PAN-287713
Fixed an issue on Panorama where, after uninstalling a plugin, commit validation failed with the error message interface '-' is not a valid reference due to cloud service plugin configuration errors.
6.3Defect ID: PAN-305301
Fixed an issue where GlobalProtect notifications in tunnels caused processes to stop responding and the dataplane to restart due to the session lookup returning an incorrect session, which resulted in the data being sent through the wrong tunnel.
6.3Defect ID: PAN-296598
Fixed an issue where EAL logs were not forwarded to the IoT Security dashboard when the proxy server password contained special characters.

Ready to prevent the next vendor outage?

Get a demo

Palo Alto Networks - Defect ID: PAN-154114

A fix was made to address a vulnerability related to information exposure through log files in PAN-OS where secrets in PAN-OS XML API requests were logged in cleartext in the web server logs when the API was used incorrectly ( CVE-2021-3036 ).

Palo Alto Networks - Defect ID: PAN-154114

A fix was made to address a vulnerability related to information exposure through log files in PAN-OS where secrets in PAN-OS XML API requests were logged in cleartext in the web server logs when the API was used incorrectly ( CVE-2021-3036 ).

Last updated on Invalid date

BugZero Risk Score6.3 Medium

Bug Details

Links

Top Palo Alto Networks Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
6.3 Medium