Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack Cleartext Credential Exposure Vulnerability

Vulnerability

A vulnerability in the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack prior to version 4.6.5 on Windows can lead to the exposure of user credentials in application logs. These logs are typically accessible only to local users, but they are also included when troubleshooting logs are generated, so the credentials are inadvertently exposed to anyone who receives the application logs. This issue arises when the Microsoft 365 Defender Pack is enabled.

Impact

Exploitation of this vulnerability can result in the cleartext exposure of user credentials in application logs, which may be accessed by local users or included in logs sent for troubleshooting purposes.

Remediation

Users can upgrade to version 4.6.5 or later to address this vulnerability. Additionally, it is recommended to rotate any Client Secrets for Azure Applications that were connected to the Microsoft 365 Defender Pack.
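
An added example, not part of the advisory and not Palo Alto Networks code: checking log lines for client-secret-shaped strings before a troubleshooting bundle is shared, redacting them, and listing which distinct secrets need rotation. The log line format, the regex heuristic for Azure application client secret values, and all function names are assumptions; the sample lines and the secret are constructed.

```python
import hashlib
import re

# Heuristic (assumption): shape commonly used by secret scanners for Azure
# application client secrets: 3 chars, a digit, "Q~", then 31-34 more chars.
SECRET_RE = re.compile(
    r"(?<![A-Za-z0-9_~.-])[A-Za-z0-9_~.]{3}\dQ~"
    r"[A-Za-z0-9_~.-]{31,34}(?![A-Za-z0-9_~.-])"
)

def fingerprint(secret):
    """Short SHA-256 prefix: lets findings be correlated without storing the secret."""
    return hashlib.sha256(secret.encode()).hexdigest()[:12]

def scan_lines(lines):
    """Return (findings, redacted_lines) for an iterable of log lines."""
    findings, redacted = [], []
    for lineno, line in enumerate(lines, start=1):
        def mask(match):
            fp = fingerprint(match.group(0))
            findings.append({"line": lineno, "fingerprint": fp})
            return f"[REDACTED:{fp}]"
        redacted.append(SECRET_RE.sub(mask, line))
    return findings, redacted

def secrets_to_rotate(findings):
    """Distinct fingerprints: one entry per secret that must be rotated."""
    return sorted({f["fingerprint"] for f in findings})

# Constructed sample data; the product's real log format is not given on the page.
FAKE_SECRET = "abc8Q~" + "X" * 34  # constructed value, not a real credential
SAMPLE_LOG = [
    "2025-09-12 18:00:01 INFO pack started client_id=11111111-2222-3333-4444-555555555555",
    f"2025-09-12 18:00:02 DEBUG token request client_secret={FAKE_SECRET} grant=client_credentials",
    f'2025-09-12 18:05:02 DEBUG retry body={{"client_secret": "{FAKE_SECRET}"}}',
    "2025-09-12 18:05:03 INFO token acquired",
]

if __name__ == "__main__":
    found, clean = scan_lines(SAMPLE_LOG)
    for f in found:
        print(f"line {f['line']}: secret {f['fingerprint']} present in cleartext")
    print("rotate:", secrets_to_rotate(found))
    print("\n".join(clean))
```

A match is a heuristic hit, not proof; a log with no matches may still hold credentials in another format, so rotation after upgrading remains the reliable fix.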

Added: Sep 12, 2025, 6:18 PM
Updated: Sep 12, 2025, 6:18 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 2.9
remediation: 7.7
relevance: 0.5
threat: 0.0
urgency: 5.7
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.