* [Blog](https://www.paloaltonetworks.com/blog)
* [Cloud Security](https://www.paloaltonetworks.com/blog/cloud-security/)
* [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/)
* Prisma Cloud Mitigations ...

# Prisma Cloud Mitigations for SpringShell and Recent Spring Vulnerabilities: CVE-2022-22963, CVE-2022-22965

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fcloud-security%2Frecent-spring-vulnerabilities%2F)  
[](https://twitter.com/share?text=Prisma+Cloud+Mitigations+for+SpringShell+and+Recent+Spring+Vulnerabilities%3A+CVE-2022-22963%2C+CVE-2022-22965&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fcloud-security%2Frecent-spring-vulnerabilities%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fcloud-security%2Frecent-spring-vulnerabilities%2F&title=Prisma+Cloud+Mitigations+for+SpringShell+and+Recent+Spring+Vulnerabilities%3A+CVE-2022-22963%2C+CVE-2022-22965&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/cloud-security/recent-spring-vulnerabilities/&ts=markdown)  
\[\](mailto:?subject=Prisma Cloud Mitigations for SpringShell and Recent Spring Vulnerabilities: CVE-2022-22963, CVE-2022-22965)  
Link copied  
By [Nathaniel Quist](https://www.paloaltonetworks.com/blog/author/nathaniel-q-quist-sr-threat-researcher-public-cloud-security/?ts=markdown "Posts by Nathaniel Quist"), [Ariel Zelivansky](https://www.paloaltonetworks.com/blog/author/ariel-zelivansky/?ts=markdown "Posts by Ariel Zelivansky"), [Aviv Sasson](https://www.paloaltonetworks.com/blog/author/aviv-sasson/?ts=markdown "Posts by Aviv Sasson"), [Alok Tongaonkar](https://www.paloaltonetworks.com/blog/author/alok-tongaonkar/?ts=markdown "Posts by Alok Tongaonkar") and [Artur Avetisyan](https://www.paloaltonetworks.com/blog/author/artur-avetisyan/?ts=markdown "Posts by Artur Avetisyan")  
Mar 31, 2022  
8 minutes  
[Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown)  
[Cloud Posture Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security-posture-management/?ts=markdown)  
[Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown)  
[Web Application \& API Security](https://www.paloaltonetworks.com/blog/cloud-security/category/web-application-api-security/?ts=markdown)  
[CVE-2022-22963](https://www.paloaltonetworks.com/blog/tag/cve-2022-22963/?ts=markdown)  
[CVE-2022-22965](https://www.paloaltonetworks.com/blog/tag/cve-2022-22965/?ts=markdown)  
[RCE](https://www.paloaltonetworks.com/blog/tag/rce-2/?ts=markdown)  
[Remote Code Execution](https://www.paloaltonetworks.com/blog/tag/remote-code-execution/?ts=markdown)  
[Spring Framework](https://www.paloaltonetworks.com/blog/tag/spring-framework/?ts=markdown)  
[Spring4Shell](https://www.paloaltonetworks.com/blog/tag/spring4shell/?ts=markdown)  
[SpringShell](https://www.paloaltonetworks.com/blog/tag/springshell/?ts=markdown)  
[Vulnerability](https://www.paloaltonetworks.com/blog/tag/vulnerability/?ts=markdown)

This post is also available in: [日本語 (Japanese)](https://www.paloaltonetworks.com/blog/cloud-security/recent-spring-vulnerabilities/?lang=ja "Switch to Japanese(日本語)")

### **Executive Summary**

In the past week, multiple vulnerabilities affecting the Spring Framework have been disclosed to the public. Among four vulnerabilities released since the beginning of March, [CVE-2022-22965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965), which was uncovered on March 31, 2022, had the most critical impact and was dubbed SpringShell.

The SpringShell vulnerability allows attackers unauthenticated remote code execution (RCE) to affected systems. A full analysis of the SpringShell vulnerability can be found in the Unit 42 [Threat Brief](https://unit42.paloaltonetworks.com/cve-2022-22965-springshell/).

Prisma Cloud can detect all recent SpringShell vulnerabilities across all cloud assets. In addition to detecting affected instances, Prisma Cloud can prevent and stop the execution of vulnerable container images. Prisma Cloud is also able to prevent exploitation of the vulnerabilities with different capabilities as well as post-exploitation techniques.

### **Background**

The Spring Framework is an open-source and comprehensive application framework for the Java Platform. It is widely used in the industry due to its powerful features and ease of use. The Spring Core component is the core of the framework that provides powerful features such as Inversion of Control and dependency injection. It contains core, beans, context, and the Spring Expression Language (SpEL) modules.

The Spring Cloud Function is a project that is designed to promote the development lifecycle of business logic and support uniform programming models across serverless providers. Where the Spring Expression Language (SpEL) supports the querying and manipulation of an object at runtime, using a Unified EL which includes method invocation and basic string templating functionality.

Since the beginning of March, there have been a total of four CVEs published pertaining to the Spring Framework:

* [CVE-2022-22947](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22947) - Spring Cloud Gateway - Remote Code Execution
* [CVE-2022-22950](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22950) - Spring Expression Language (SpEL) - Denial of Service
* [CVE-2022-22963](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22963) - Spring Cloud Function - Remote Code Execution
* [CVE-2022-22965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965) - Spring Core - Remote Code Execution

## **Prisma Cloud Detection Capabilities**

Prisma Cloud users can detect software components affected by either of these two vulnerabilities, CVE-2022-22963 or CVE-2022-22965. The Prisma Cloud [Intelligence Stream](https://docs.paloaltonetworks.com/prisma/prisma-cloud/21-08/prisma-cloud-compute-edition-admin/technology_overviews/intel_stream.html) (IS) automatically updates to include the vulnerability information from official vendor feeds. This allows Prisma Cloud to directly reflect any updates or analysis by Linux distribution and application maintainers, allowing Prisma Cloud to detect any affected functions, images, and hosts.

Prisma Cloud also employs the use of [PRISMA IDs](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/vulnerability_management/prisma_cloud_vulnerability_feed.html) which contain a curated set of industry-known vulnerabilities affecting systems and applications, but which have not been, or not yet been, assigned CVE tracking numbers. Vulnerabilities that are industry known but have yet to be assigned a CVE tracking number are analyzed by Prisma Cloud's Cloud Security Research Team (CSRT) and then added to Prisma Cloud's IS. With PRISMA-IDs to track industry-known vulnerabilities, Prisma Cloud can push vulnerability detection rules to client environments in short order, often times faster than CVE publications are released to the public.

**Case in point, the SpringShell vulnerability (CVE-2022-22965) is one such example of Prisma IDs rules providing vulnerability detections at a faster rate than public CVE publications.** The SpringShell CVE (CVE-2022-22965) was published on March 31, 2022, however, Prisma Cloud's CSRT published the Prisma ID rule 'PRISMA-2022-0130' on March 30, 2022. This equates to clients of Prisma Cloud's Cloud Workload Protection (CWP) module being capable of detecting CVE-2022-22965 hours prior to the official vulnerability release.

![Figure 1. PRISMA-2022-0130 in Intelligence Stream](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/03/figure-1-prisma-2022-0130-in-intelligence-stream-3.png)
Figure 1. PRISMA-2022-0130 in Intelligence Stream

## **Query Your Environments for Hosts with This Risk**

Prisma Cloud's RQL (Resource Query Language) provides a quick and easy way to query for resources impacted. In this case, users can utilize the Prisma platform's capabilities to isolate assets with vulnerabilities and prioritize them further by looking for internet-exposed assets receiving traffic.

Know the hosts in your cloud that have the specific vulnerability CVE-2022-22963 or CVE-2022-22965:

config from cloud.resource where finding.type = 'Host Vulnerability' AND finding.name IN ('CVE-2022-22963', 'CVE-2022-22965')
![Figure 2. CVE-2022-22963 and CVE-2022-22965 vulnerability information for hosts with RQL query/WAAS Detections](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/03/figure-2-cve-2022-22963-and-cve-2022-22965-vulner-3.png)
Figure 2. CVE-2022-22963 and CVE-2022-22965 vulnerability information for hosts with RQL query/WAAS Detections

Know the Internet exposed hosts that are receiving traffic in your cloud and have the specific vulnerability CVE-2022-22963 or CVE-2022-22965:

network from vpc.flow\_record where bytes \> 0 AND destination.resource IN ( resource where finding.type IN ( 'Host Vulnerability' ) AND finding.source IN ( 'Prisma Cloud' ) AND finding.name IN ('CVE-2022-22963', 'CVE-2022-22965') ) AND source.publicnetwork IN ('Internet IPs', 'Suspicious IPs')

![Figure 3. Investigating vulnerable instances with the network RQL queryWAAS Detections](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/03/a-picture-containing-chart-description-automatica.png)
Figure 3. Investigating vulnerable instances with the network RQL queryWAAS Detections

Prisma Cloud users with WAAS enabled are protected from the majority of exploits we analyzed for SpringShell (CVE-2022-22965) by the App Firewall Code Injection detection feature.
![Figure 4. WAAS prevents Spring4Shell exploitation](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/03/graphical-user-interface-text-application-email-8.png)
Figure 4. WAAS prevents Spring4Shell exploitation

Custom rule was created to more accurately cover CVE-2022-22965 (Spring4Shell) and CVE-2022-22963 (Spring Cloud Function) including their bypasses, users with WAAS enabled may import the following new custom rules for protection:

Rule compatible for WAAS version 22.01.839 and above:
![Figure 5. WAAS 22.01.839 Spring4Shell Rule](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/03/graphical-user-interface-text-application-descr-11.png)
Figure 5. WAAS 22.01.839 Spring4Shell Rule

urlQueryDecode(unicodeDecode(compressWhitespace(req.header\_names))) contains /(?i)(?:extends\\s\*?ClassLoader\\s\*?\\{|Base64\\.getDecoder\\s\*?\\(|java\\.io\\.InputStream|java\\.lang\\.Process\\s\*?\\(|java\\.lang\\.Runtime\\s\*?\\(|utility\\.Execute\\s\*?\\(|\\.getRuntime\\s\*?\\(\\s\*?\\)|\\.getInputStream\\s\*?\\(|ProcessBuilder\\s\*\\(\\s\*\\)|\\.newSingleThreadExecutor\\s\*?\\(\\))((.|\\s)\*?\\.exec\\s\*?\\()?/

or

urlQueryDecode(unicodeDecode(compressWhitespace(req.header\_values))) contains /(?i)(?:extends\\s\*?ClassLoader\\s\*?\\{|Base64\\.getDecoder\\s\*?\\(|java\\.io\\.InputStream|java\\.lang\\.Process\\s\*?\\(|java\\.lang\\.Runtime\\s\*?\\(|utility\\.Execute\\s\*?\\(|\\.getRuntime\\s\*?\\(\\s\*?\\)|\\.getInputStream\\s\*?\\(|ProcessBuilder\\s\*\\(\\s\*\\)|\\.newSingleThreadExecutor\\s\*?\\(\\))((.|\\s)\*?\\.exec\\s\*?\\()?/

or

urlQueryDecode(unicodeDecode(compressWhitespace(req.body))) contains /(?i)(?:extends\\s\*?ClassLoader\\s\*?\\{|Base64\\.getDecoder\\s\*?\\(|java\\.io\\.InputStream|java\\.lang\\.Process\\s\*?\\(|java\\.lang\\.Runtime\\s\*?\\(|utility\\.Execute\\s\*?\\(|\\.getRuntime\\s\*?\\(\\s\*?\\)|\\.getInputStream\\s\*?\\(|ProcessBuilder\\s\*\\(\\s\*\\)|\\.newSingleThreadExecutor\\s\*?\\(\\))((.|\\s)\*?\\.exec\\s\*?\\()?/

or

urlQueryDecode(unicodeDecode(compressWhitespace(req.body\_param\_values))) contains /(?i)(?:extends\\s\*?ClassLoader\\s\*?\\{|Base64\\.getDecoder\\s\*?\\(|java\\.io\\.InputStream|java\\.lang\\.Process\\s\*?\\(|java\\.lang\\.Runtime\\s\*?\\(|utility\\.Execute\\s\*?\\(|\\.getRuntime\\s\*?\\(\\s\*?\\)|\\.getInputStream\\s\*?\\(|ProcessBuilder\\s\*\\(\\s\*\\)|\\.newSingleThreadExecutor\\s\*?\\(\\))((.|\\s)\*?\\.exec\\s\*?\\()?/

or

urlQueryDecode(unicodeDecode(compressWhitespace(req.query\_param\_names))) contains /(?i)(?:extends\\s\*?ClassLoader\\s\*?\\{|Base64\\.getDecoder\\s\*?\\(|java\\.io\\.InputStream|java\\.lang\\.Process\\s\*?\\(|java\\.lang\\.Runtime\\s\*?\\(|utility\\.Execute\\s\*?\\(|\\.getRuntime\\s\*?\\(\\s\*?\\)|\\.getInputStream\\s\*?\\(|ProcessBuilder\\s\*\\(\\s\*\\)|\\.newSingleThreadExecutor\\s\*?\\(\\))((.|\\s)\*?\\.exec\\s\*?\\()?/

or

urlQueryDecode(unicodeDecode(compressWhitespace(req.query\_param\_values))) contains /(?i)(?:extends\\s\*?ClassLoader\\s\*?\\{|Base64\\.getDecoder\\s\*?\\(|java\\.io\\.InputStream|java\\.lang\\.Process\\s\*?\\(|java\\.lang\\.Runtime\\s\*?\\(|utility\\.Execute\\s\*?\\(|\\.getRuntime\\s\*?\\(\\s\*?\\)|\\.getInputStream\\s\*?\\(|ProcessBuilder\\s\*\\(\\s\*\\)|\\.newSingleThreadExecutor\\s\*?\\(\\))((.|\\s)\*?\\.exec\\s\*?\\()?/

Rule compatible for WAAS version 21.08.525 and above:
![Figure 6. WAAS 21.08.525 Spring4Shell Rule](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/03/graphical-user-interface-text-application-descr-13.png)
Figure 6. WAAS 21.08.525 Spring4Shell Rule

req.header\_names contains /(?i)(?:extends\\s\*?ClassLoader\\s\*?\\{|Base64\\.getDecoder\\s\*?\\(|java\\.io\\.InputStream|java\\.lang\\.Process\\s\*?\\(|java\\.lang\\.Runtime\\s\*?\\(|utility\\.Execute\\s\*?\\(|\\.getRuntime\\s\*?\\(\\s\*?\\)|\\.getInputStream\\s\*?\\(|ProcessBuilder\\s\*\\(\\s\*\\)|\\.newSingleThreadExecutor\\s\*?\\(\\))((.|\\s)\*?\\.exec\\s\*?\\()?/

or

req.header\_values contains /(?i)(?:extends\\s\*?ClassLoader\\s\*?\\{|Base64\\.getDecoder\\s\*?\\(|java\\.io\\.InputStream|java\\.lang\\.Process\\s\*?\\(|java\\.lang\\.Runtime\\s\*?\\(|utility\\.Execute\\s\*?\\(|\\.getRuntime\\s\*?\\(\\s\*?\\)|\\.getInputStream\\s\*?\\(|ProcessBuilder\\s\*\\(\\s\*\\)|\\.newSingleThreadExecutor\\s\*?\\(\\))((.|\\s)\*?\\.exec\\s\*?\\()?/

or

req.body contains /(?i)(?:extends\\s\*?ClassLoader\\s\*?\\{|Base64\\.getDecoder\\s\*?\\(|java\\.io\\.InputStream|java\\.lang\\.Process\\s\*?\\(|java\\.lang\\.Runtime\\s\*?\\(|utility\\.Execute\\s\*?\\(|\\.getRuntime\\s\*?\\(\\s\*?\\)|\\.getInputStream\\s\*?\\(|ProcessBuilder\\s\*\\(\\s\*\\)|\\.newSingleThreadExecutor\\s\*?\\(\\))((.|\\s)\*?\\.exec\\s\*?\\()?/

or

req.body\_param\_values contains /(?i)(?:extends\\s\*?ClassLoader\\s\*?\\{|Base64\\.getDecoder\\s\*?\\(|java\\.io\\.InputStream|java\\.lang\\.Process\\s\*?\\(|java\\.lang\\.Runtime\\s\*?\\(|utility\\.Execute\\s\*?\\(|\\.getRuntime\\s\*?\\(\\s\*?\\)|\\.getInputStream\\s\*?\\(|ProcessBuilder\\s\*\\(\\s\*\\)|\\.newSingleThreadExecutor\\s\*?\\(\\))((.|\\s)\*?\\.exec\\s\*?\\()?/

or

req.query\_param\_names contains /(?i)(?:extends\\s\*?ClassLoader\\s\*?\\{|Base64\\.getDecoder\\s\*?\\(|java\\.io\\.InputStream|java\\.lang\\.Process\\s\*?\\(|java\\.lang\\.Runtime\\s\*?\\(|utility\\.Execute\\s\*?\\(|\\.getRuntime\\s\*?\\(\\s\*?\\)|\\.getInputStream\\s\*?\\(|ProcessBuilder\\s\*\\(\\s\*\\)|\\.newSingleThreadExecutor\\s\*?\\(\\))((.|\\s)\*?\\.exec\\s\*?\\()?/

or

req.query\_param\_values contains /(?i)(?:extends\\s\*?ClassLoader\\s\*?\\{|Base64\\.getDecoder\\s\*?\\(|java\\.io\\.InputStream|java\\.lang\\.Process\\s\*?\\(|java\\.lang\\.Runtime\\s\*?\\(|utility\\.Execute\\s\*?\\(|\\.getRuntime\\s\*?\\(\\s\*?\\)|\\.getInputStream\\s\*?\\(|ProcessBuilder\\s\*\\(\\s\*\\)|\\.newSingleThreadExecutor\\s\*?\\(\\))((.|\\s)\*?\\.exec\\s\*?\\()?/

### Summary

SpringShell was a severe vulnerability affecting the widely used Spring Framework. SpringShell is officially assigned CVE-2022-22965 and the patch was released on March 31, 2022. In addition, three other vulnerabilities affecting the Spring Cloud Gateway, Spring Expression Language (SpEL), and Spring Cloud Function components have been disclosed since the beginning of March 2022.

Prisma Cloud can help in detecting all vulnerable instances in your deployments. Prisma Cloud may also be configured to fully prevent running any images or hosts vulnerable to this issue.

For an in-depth technical analysis of the SpringShell vulnerability, please refer to Palo Alto Networks Unit 42's [Threat Brief](https://unit42.paloaltonetworks.com/cve-2022-22965-springshell/).

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Infrastructure Entitlement Management](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-infrastructure-entitlement-management/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Web Application \& API Security](https://www.paloaltonetworks.com/blog/cloud-security/category/web-application-api-security/?ts=markdown)

[#### Prisma Cloud Introduces Out-of-Band Web App and API Security](https://www.paloaltonetworks.com/blog/2022/06/prisma-cloud-introduces-oob-waas/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Web Application \& API Security](https://www.paloaltonetworks.com/blog/cloud-security/category/web-application-api-security/?ts=markdown)

[#### Prisma Cloud Delivers Advanced Web Application Security Insights to Secure Hosts, Containers, and Serverless Applications](https://www.paloaltonetworks.com/blog/cloud-security/cloud-workload-protection/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Infrastructure Entitlement Management](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-infrastructure-entitlement-management/?ts=markdown), [Cloud Native Security Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-native-security-platform/?ts=markdown), [Cloud Network Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-network-security/?ts=markdown), [Cloud Posture Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security-posture-management/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown)

[#### Prisma Cloud at Ignite '21: What to Know](https://www.paloaltonetworks.com/blog/cloud-security/prisma-cloud-ignite-21/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Posture Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security-posture-management/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Prisma Cloud: Leader in the GigaOm Radar for Vulnerability Management](https://www.paloaltonetworks.com/blog/2021/05/cloud-leader-in-gigaom-radar-vulnerability-management/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Posture Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security-posture-management/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Prisma Cloud and Bridgecrew: Doubling Down on Developer-Led Security](https://www.paloaltonetworks.com/blog/2021/03/bridgecrew-developer-led-security/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Posture Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security-posture-management/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Prisma Cloud and VM-Series Help Protect Oracle Cloud Infrastructure](https://www.paloaltonetworks.com/blog/2021/02/cloud-protect-oracle-cloud/)

### Subscribe to Cloud Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language