How severe is CVE-2021-3047?

This vulnerability has a severity rating of LOW with a CVSS score of 3.1 out of 10.

What type of vulnerability is CVE-2021-3047?

This is classified as CWE-338, which is a common weakness in software security.

CVE-2021-3047

LOW Year: 2021

CVSS v3 Score

3.1

Low

CVSS v2 Score

3.5

Low

Weakness Type

CWE-338

View all →

Vulnerability Description

A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability to observe their own authentication secrets over a long duration on the PAN-OS appliance, to impersonate another authenticated web interface administrator's session. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10; PAN-OS 10.0 versions earlier than PAN-OS 10.0.4. PAN-OS 10.1 versions are not impacted.

CVE-2025-46653

LOW

CVSS:3.1(Low)

Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographica...

CWE-3382025

CVE-2019-11808

LOW

CVSS:3.7(Low)

Ratpack versions before 1.6.1 generate a session ID using a cryptographically weak PRNG in the JDK's ThreadLocalRandom. This means that if an attacker can determine a small window for the server start...

CWE-3382019

CVE-2022-48506

LOW

CVSS:2.4(Low)

A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were ca...

CWE-3382022

CVE-2017-11671

MEDIUM

CVSS:4.0(Medium)

Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences ...

CWE-3382017

CVE-2025-27551

MEDIUM

CVSS:4.0(Medium)

DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files lib/DBIx/Class/EncodedColumn/Dige...

CWE-3382025

CVE-2025-27552

MEDIUM

CVSS:4.0(Medium)

DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm. This...

CWE-3382025

CVE-2021-3047

Vulnerability Description

Related Vulnerabilities

CVE-2025-46653

CVE-2019-11808

CVE-2022-48506

CVE-2017-11671

CVE-2025-27551

CVE-2025-27552