#VU63076 Improper access control in Cortex XSOAR


Published: 2022-05-11

Vulnerability identifier: #VU63076

Vulnerability risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0027

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cortex XSOAR
Server applications / DLP, anti-spam, sniffers

Vendor: Palo Alto Networks, Inc.

Description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote user who belongs to a non-Read-Only group can generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Cortex XSOAR: 6.5.0 2102531 - 6.5.0 2583817, 6.2.0 - 6.2.0 2392875, 6.0.1 build 81077 - 6.0.2 build 98623, 6.1 - 6.1.0 build 848144


External links
http://security.paloaltonetworks.com/CVE-2022-0027


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

