← volver
CVE-2022-0027

Cortex XSOAR: Incorrect Authorization Vulnerability When Generating Reports

CVSS 4.3 MEDIUMEPSS 0.5%CWE-285
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.3EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
11 may 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Productos afectados
Palo Alto Networks · Cortex XSOAR

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://security.paloaltonetworks.com/CVE-2022-0027