Focus

Prisma Cloud Compute Edition Public Sector

Scan results for 21.04.439

Table of Contents

OpenSCAP and vulnerability scan report:

Prisma Cloud Compute release: 21.04 Update 2 (21.04.439)

Base image: egistry.access.redhat.com/ubi8/ubi-minimal:8.4-205

Benchmark URL: scap-security-guide-0.1.54/ssg-rhel8-ds.xml

Benchmark ID: xccdf_org.ssgproject.content_benchmark_RHEL-8

Profile ID: xccdf_org.ssgproject.content_profile_stig

Compared to IronBank’s UBI8-minimal, Version 8.4 Approved, Build Date: 2021-07-15T12:53:31.649Z

Findings for Prisma Cloud Compute Console.

You can find the report here.

Rule_ID	Compute finding	IronBank finding	Justification
xccdf_org.ssgproject.content_rule_configure_openssl_crypto_policy	Pass	Fail	/etc/pki/tls/openssl.cnf configured according to check
xccdf_org.ssgproject.content_rule_banner_etc_issue	Fail	Pass	Application is a non-interactive container. There is no interactive console session with the container.

You can find the full report here.

CVE	Package	Version	Fix Status	Justification
CVE-2021-3520	lz4-libs	1.8.3-2.el8	fixed in 1.8.3-3.el8_4	To be patched in next release, Iverson
CVE-2021-3516	libxml2	2.9.7-9.el8	fixed in 2.9.7-9.el8_4.2	To be patched in next release, Iverson
CVE-2021-3517	libxml2	2.9.7-9.el8	fixed in 2.9.7-9.el8_4.2	To be patched in next release, Iverson
CVE-2021-3518	libxml2	2.9.7-9.el8	fixed in 2.9.7-9.el8_4.2	To be patched in next release, Iverson
CVE-2021-3537	libxml2	2.9.7-9.el8	fixed in 2.9.7-9.el8_4.2	To be patched in next release, Iverson
CVE-2021-3541	libxml2	2.9.7-9.el8	fixed in 2.9.7-9.el8_4.2	To be patched in next release, Iverson
CVE-2021-20271	rpm-libs	4.14.3-13.el8	fixed in 4.14.3-14.el8_4	To be patched in next release, Iverson
CVE-2021-20271	rpm	4.14.3-13.el8	fixed in 4.14.3-14.el8_4	To be patched in next release, Iverson

Findings for Prisma Cloud Compute Defender.

You can find the report here.

Rule_ID	Compute finding	IronBank finding	Justification
xccdf_org.ssgproject.content_rule_configure_openssl_crypto_policy	Pass	Fail	/etc/pki/tls/openssl.cnf configured according to check
xccdf_org.ssgproject.content_rule_banner_etc_issue	Fail	Pass	Application is a non-interactive container. There is no interactive console session with the container.

You can find the full report here.

CVE	Package	Version	Fix Status	Justification
CVE-2021-3520	lz4-libs	1.8.3-2.el8	fixed in 1.8.3-3.el8_4	To be patched in next release, Iverson
CVE-2021-3516	libxml2	2.9.7-9.el8	fixed in 2.9.7-9.el8_4.2	To be patched in next release, Iverson
CVE-2021-3517	libxml2	2.9.7-9.el8	fixed in 2.9.7-9.el8_4.2	To be patched in next release, Iverson
CVE-2021-3518	libxml2	2.9.7-9.el8	fixed in 2.9.7-9.el8_4.2	To be patched in next release, Iverson
CVE-2021-3537	libxml2	2.9.7-9.el8	fixed in 2.9.7-9.el8_4.2	To be patched in next release, Iverson
CVE-2021-3541	libxml2	2.9.7-9.el8	fixed in 2.9.7-9.el8_4.2	To be patched in next release, Iverson
CVE-2021-20271	rpm-libs	4.14.3-13.el8	fixed in 4.14.3-14.el8_4	To be patched in next release, Iverson
CVE-2021-20271	rpm	4.14.3-13.el8	fixed in 4.14.3-14.el8_4	To be patched in next release, Iverson