Vulnerability identifier: #VU63076
Vulnerability risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-284
Exploitation vector: Network
Exploit availability: No
Vulnerable software: Cortex XSOAR (Server applications / DLP, anti-spam, sniffers)
Vendor: Palo Alto Networks, Inc.
Description
The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user in non-Read-Only groups can generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Cortex XSOAR: 6.5.0 2102531 - 6.5.0 2583817, 6.2.0 - 6.2.0 2392875, 6.0.1 build 81077 - 6.0.2 build 98623, 6.1 - 6.1.0 build 848144
External links
http://security.paloaltonetworks.com/CVE-2022-0027
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.