Palo Alto Networks · Cortex XSOAR · CVE-2022-0027
**Name of the Vulnerable Software and Affected Versions**
Palo Alto Networks Cortex XSOAR versions 6.1 through 6.5
Palo Alto Networks Cortex XSOAR version 6.6 earlier than 6.6.0 build 6.6.0.2585049
**Description**
An improper authorization issue in Palo Alto Networks Cortex XSOAR software allows authenticated users in non-Read-Only groups to generate an email report containing summary information about all incidents, including those they do not have access to.
**Recommendations**
For versions 6.1 through 6.5, update to a version later than 6.5.
For version 6.6 earlier than 6.6.0 build 6.6.0.2585049, update to version 6.6.0 build 6.6.0.2585049 or later.