Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-8689

Summary
Assigner-palo_alto
Assigner Org ID-d6c1279f-00f6-4ef7-9217-f89ffe703ec0
Published At-11 Sep, 2024 | 16:42
Updated At-11 Sep, 2024 | 18:24
Rejected At-
Credits

ActiveMQ Content Pack: Cleartext Exposure of Credentials

A problem with the ActiveMQ integration for both Cortex XSOAR and Cortex XSIAM can result in the cleartext exposure of the configured ActiveMQ credentials in log bundles.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:palo_alto
Assigner Org ID:d6c1279f-00f6-4ef7-9217-f89ffe703ec0
Published At:11 Sep, 2024 | 16:42
Updated At:11 Sep, 2024 | 18:24
Rejected At:
▼CVE Numbering Authority (CNA)
ActiveMQ Content Pack: Cleartext Exposure of Credentials

A problem with the ActiveMQ integration for both Cortex XSOAR and Cortex XSIAM can result in the cleartext exposure of the configured ActiveMQ credentials in log bundles.

Affected Products
Vendor
Palo Alto Networks, Inc.Palo Alto Networks
Product
ActiveMQ Content Pack
Default Status
unaffected
Versions
Affected
  • From 1.1.0 before 1.1.15 (custom)
    • -> unaffectedfrom1.1.15
Problem Types
TypeCWE IDDescription
CWECWE-312CWE-312 Cleartext Storage of Sensitive Information
Type: CWE
CWE ID: CWE-312
Description: CWE-312 Cleartext Storage of Sensitive Information
Metrics
VersionBase scoreBase severityVector
4.06.0MEDIUM
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:M/U:Amber
Version: 4.0
Base score: 6.0
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:M/U:Amber
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-37CAPEC-37 Retrieve Embedded Sensitive Data
CAPEC ID: CAPEC-37
Description: CAPEC-37 Retrieve Embedded Sensitive Data
Solutions

This issue is fixed in ActiveMQ Content Pack 1.1.15 and all later versions. You can download the content pack from https://cortex.marketplace.pan.dev/marketplace/details/ActiveMQ/ . You should use new ActiveMQ credentials for ActiveMQ integration only after you upgrade it to a fixed version. You should also revoke the previously existing credentials to prevent the misuse of exposed credentials.

Configurations
Workarounds
Exploits

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Credits
finder
Marcel Maeder of Swisscom (Schweiz) AG
Timeline
EventDate
Initial publication2024-09-11 16:00:00
Event: Initial publication
Date: 2024-09-11 16:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.paloaltonetworks.com/CVE-2024-8689
N/A
Hyperlink: https://security.paloaltonetworks.com/CVE-2024-8689
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@paloaltonetworks.com
Published At:11 Sep, 2024 | 17:15
Updated At:12 Sep, 2024 | 12:35

A problem with the ActiveMQ integration for both Cortex XSOAR and Cortex XSIAM can result in the cleartext exposure of the configured ActiveMQ credentials in log bundles.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.0MEDIUM
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber
Type: Secondary
Version: 4.0
Base score: 6.0
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-312Secondarypsirt@paloaltonetworks.com
CWE ID: CWE-312
Type: Secondary
Source: psirt@paloaltonetworks.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://security.paloaltonetworks.com/CVE-2024-8689psirt@paloaltonetworks.com
N/A
Hyperlink: https://security.paloaltonetworks.com/CVE-2024-8689
Source: psirt@paloaltonetworks.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2023-0005
Matching Score-6
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-6
Assigner-Palo Alto Networks, Inc.
CVSS Score-4.1||MEDIUM
EPSS-0.06% / 17.32%
||
7 Day CHG~0.00%
Published-12 Apr, 2023 | 16:41
Updated-10 Feb, 2025 | 21:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS: Exposure of Sensitive Information Vulnerability

A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-pan-osPAN-OSPrisma AccessCloud NGFW
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2025-2182
Matching Score-6
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-6
Assigner-Palo Alto Networks, Inc.
CVSS Score-5.6||MEDIUM
EPSS-0.01% / 0.67%
||
7 Day CHG~0.00%
Published-13 Aug, 2025 | 17:03
Updated-13 Aug, 2025 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS: Firewall Clusters using the MACsec Protocol Expose the Connectivity Association Key (CAK)

A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). This issue is only applicable to PA-7500 Series devices which are in an NGFW cluster. A user who possesses this key can read messages being sent between devices in a NGFW Cluster. There is no impact in non-clustered firewalls or clusters of firewalls that do not enable MACsec.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-Cloud NGFWPrisma AccessPAN-OS
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2025-2181
Matching Score-6
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-6
Assigner-Palo Alto Networks, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.01% / 2.05%
||
7 Day CHG~0.00%
Published-13 Aug, 2025 | 17:03
Updated-13 Aug, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Checkov by Prisma Cloud: Cleartext Exposure of Credentials

A sensitive information disclosure vulnerability in Palo Alto Networks Checkov by Prisma® Cloud can result in the cleartext exposure of Prisma Cloud access keys in Checkov's output.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-Checkov by Prisma Cloud
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-5916
Matching Score-6
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-6
Assigner-Palo Alto Networks, Inc.
CVSS Score-6||MEDIUM
EPSS-0.07% / 20.56%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 16:41
Updated-30 Apr, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS: Cleartext Exposure of External System Secrets

An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log, can read secrets, passwords, and tokens to external systems.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-pan-osCloud NGFWPAN-OSPrisma Access
CWE ID-CWE-313
Cleartext Storage in a File or on Disk
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2025-0123
Matching Score-6
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-6
Assigner-Palo Alto Networks, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.01% / 0.61%
||
7 Day CHG~0.00%
Published-11 Apr, 2025 | 17:43
Updated-15 Apr, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS: Information Disclosure Vulnerability in HTTP/2 Packet Captures

A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture feature https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-packet-captures/take-a-custom-packet-capture in decrypted HTTP/2 data streams traversing network interfaces on the firewall. HTTP/1.1 data streams are not impacted. In normal conditions, decrypted packet captures are available to firewall administrators after they obtain and install a free Decryption Port Mirror license. The license requirement ensures that this feature can only be used after approved personnel purposefully activate the license. For more information, review how to configure decryption port mirroring https://docs.paloaltonetworks.com/network-security/decryption/administration/monitoring-decryption/configure-decryption-port-mirroring . The administrator must obtain network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. Risk of this issue can be greatly reduced by restricting access to the management interface to only trusted administrators and from only internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . Customer firewall administrators do not have access to the packet capture feature in Cloud NGFW. This feature is available only to authorized Palo Alto Networks personnel permitted to perform troubleshooting. Prisma® Access is not impacted by this vulnerability.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-Prisma AccessPAN-OSCloud NGFW
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-9466
Matching Score-6
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-6
Assigner-Palo Alto Networks, Inc.
CVSS Score-8.2||HIGH
EPSS-9.13% / 92.35%
||
7 Day CHG~0.00%
Published-09 Oct, 2024 | 17:04
Updated-18 Oct, 2024 | 11:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Expedition: Cleartext Storage of Information Leads to Firewall Admin Credential Disclosure

A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-expeditionExpeditionexpedition
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
Details not found