PT-2022-12961 · Palo Alto Networks · Cortex Xsoar
Nelson M · Published 2022-05-11 · Updated 2023-06-26 · CVE-2022-0027
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Palo Alto Networks Cortex XSOAR versions 6.1 through 6.5
Palo Alto Networks Cortex XSOAR version 6.6 earlier than 6.6.0 build 6.6.0.2585049
Description
An improper authorization issue in Palo Alto Networks Cortex XSOAR software allows authenticated users in non-Read-Only groups to generate an email report containing summary information about all incidents, including those they do not have access to.
Recommendations
For versions 6.1 through 6.5, update to a version later than 6.5.
For version 6.6 earlier than 6.6.0 build 6.6.0.2585049, update to version 6.6.0 build 6.6.0.2585049 or later.
Fix
Improper Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Cortex Xsoar