All the vulnerabilites related to Palo Alto Networks - Cortex XSOAR
cve-2022-0031
Vulnerability from cvelistv5
Published
2022-11-09 17:24
Modified
2024-08-02 23:18
Severity ?
EPSS score ?
Summary
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Palo Alto Networks | Cortex XSOAR |
Version: 6.9.0.0 < 6.9.0.130766 Version: 6.8.0.0 Version: 6.6.0.0 Version: 6.5.0.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0031"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Cortex XSOAR engine"
],
"platforms": [
"Linux"
],
"product": "Cortex XSOAR",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "6.9.0.130766",
"status": "unaffected"
}
],
"lessThan": "6.9.0.130766",
"status": "affected",
"version": "6.9.0.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.8.0.0"
},
{
"status": "affected",
"version": "6.6.0.0"
},
{
"status": "affected",
"version": "6.5.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Palo Alto Networks thanks Olivier Caillault for discovering and reporting this issue."
}
],
"datePublic": "2022-11-09T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges."
}
],
"value": "A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345 Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-09T17:24:34.557Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2022-0031"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue is fixed in Cortex XSOAR engine software available in Cortex XSOAR 6.9.0 build 130766 and all later versions of Cortex XSOAR.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "This issue is fixed in Cortex XSOAR engine software available in Cortex XSOAR 6.9.0 build 130766 and all later versions of Cortex XSOAR.\n"
}
],
"source": {
"defect": [
"CRTX-57476"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-11-09T17:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2022-0031",
"datePublished": "2022-11-09T17:24:34.557Z",
"dateReserved": "2021-12-28T23:54:27.328Z",
"dateUpdated": "2024-08-02T23:18:41.569Z",
"requesterUserId": "4bdfcd35-6352-4419-9b3e-118da80d0642",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3282
Vulnerability from cvelistv5
Published
2023-11-08 17:22
Modified
2024-08-02 06:48
Severity ?
EPSS score ?
Summary
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Palo Alto Networks | Cortex XSOAR |
Version: 6.10 < 6.10.0.250144 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.10.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cortex_xsoar",
"vendor": "paloaltonetworks",
"versions": [
{
"lessThan": "6.10.0.250144",
"status": "affected",
"version": "6.10.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3282",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-14T03:55:17.996243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T16:54:38.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2023-3282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Cortex XSOAR",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "6.10.0.250144",
"status": "unaffected"
}
],
"lessThan": "6.10.0.250144",
"status": "affected",
"version": "6.10",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.11"
},
{
"status": "unaffected",
"version": "6.12"
},
{
"status": "unaffected",
"version": "8"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is applicable only to Cortex XSOAR engines installed through the shell method that are running on a Linux operating system.\u003cbr\u003e\u003cbr\u003ePlease see the following link for more Cortex XSOAR engine installation information:\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Install-a-Cortex-XSOAR-Engine\"\u003ehttps://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Instal...\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "This issue is applicable only to Cortex XSOAR engines installed through the shell method that are running on a Linux operating system.\n\nPlease see the following link for more Cortex XSOAR engine installation information:\n https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Instal... https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Install-a-Cortex-XSOAR-Engine \n"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Romeo Benzoni"
}
],
"datePublic": "2023-11-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine."
}
],
"value": "A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\u003cbr\u003e"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-08T17:22:58.976Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-3282"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in deployed Cortex XSOAR engines when an updated engine installer is created and used to upgrade the engine from Cortex XSOAR 6.10 build B250144 and all later builds of Cortex XSOAR.\u003cbr\u003e"
}
],
"value": "This issue is fixed in deployed Cortex XSOAR engines when an updated engine installer is created and used to upgrade the engine from Cortex XSOAR 6.10 build B250144 and all later builds of Cortex XSOAR.\n"
}
],
"source": {
"defect": [
"CRTX-70551"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2023-11-08T17:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2023-3282",
"datePublished": "2023-11-08T17:22:58.976Z",
"dateReserved": "2023-06-15T23:55:45.258Z",
"dateUpdated": "2024-08-02T06:48:08.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3044
Vulnerability from cvelistv5
Published
2021-06-22 17:15
Modified
2024-09-16 17:23
Severity ?
EPSS score ?
Summary
An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.paloaltonetworks.com/CVE-2021-3044 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Palo Alto Networks | Cortex XSOAR |
Version: 1016923 < 6.1.0* Version: 6.2.0 < 1271065 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:45:50.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2021-3044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cortex XSOAR",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "5.5.0 all"
},
{
"status": "unaffected",
"version": "6.0.0 all"
},
{
"status": "unaffected",
"version": "6.0.1 all"
},
{
"status": "unaffected",
"version": "6.0.2 all"
},
{
"changes": [
{
"at": "1271064",
"status": "unaffected"
},
{
"at": "1016923",
"status": "affected"
}
],
"lessThan": "6.1.0*",
"status": "affected",
"version": "1016923",
"versionType": "custom"
},
{
"changes": [
{
"at": "1271065",
"status": "unaffected"
}
],
"lessThan": "1271065",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This issue is applicable only to Cortex XSOAR configurations with active API key integrations.\n\nYou can determine whether your configuration is impacted by selecting \u2018Settings \u003e Integration \u003e API Keys\u2019 from the Cortex XSOAR web client."
}
],
"credits": [
{
"lang": "en",
"value": "This issue was found during internal security review."
}
],
"datePublic": "2021-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances."
}
],
"exploits": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-22T17:15:11",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2021-3044"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XSOAR 6.1.0 build 1271064, Cortex XSOAR 6.2.0 build 1271065, and all later Cortex XSOAR versions."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2021-06-22T00:00:00",
"value": "Initial publication"
}
],
"title": "Cortex XSOAR: Unauthorized Usage of the REST API",
"workarounds": [
{
"lang": "en",
"value": "You must revoke all active integration API keys to fully mitigate the impact of this issue.\n\nTo revoke integration API keys from the Cortex XSOAR web client:\nSettings \u003e Integration \u003e API Keys and then Revoke each API key.\n\nYou can create new API keys after you upgrade Cortex XSOAR to a fixed version."
},
{
"lang": "en",
"value": "Restricting network access to the Cortex XSOAR server to allow only trusted users also reduces the impact of this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2021-06-22T16:00:00.000Z",
"ID": "CVE-2021-3044",
"STATE": "PUBLIC",
"TITLE": "Cortex XSOAR: Unauthorized Usage of the REST API"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cortex XSOAR",
"version": {
"version_data": [
{
"version_affected": "!",
"version_name": "5.5.0",
"version_value": "all"
},
{
"version_affected": "!",
"version_name": "6.0.0",
"version_value": "all"
},
{
"version_affected": "\u003e=",
"version_name": "6.1.0",
"version_value": "1016923"
},
{
"version_affected": "\u003c",
"version_name": "6.1.0",
"version_value": "1271064"
},
{
"version_affected": "!\u003c",
"version_name": "6.1.0",
"version_value": "1016923"
},
{
"version_affected": "!\u003e=",
"version_name": "6.1.0",
"version_value": "1271064"
},
{
"version_affected": "\u003c",
"version_name": "6.2.0",
"version_value": "1271065"
},
{
"version_affected": "!\u003e=",
"version_name": "6.2.0",
"version_value": "1271065"
},
{
"version_affected": "!",
"version_name": "6.0.1",
"version_value": "all"
},
{
"version_affected": "!",
"version_name": "6.0.2",
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "This issue is applicable only to Cortex XSOAR configurations with active API key integrations.\n\nYou can determine whether your configuration is impacted by selecting \u2018Settings \u003e Integration \u003e API Keys\u2019 from the Cortex XSOAR web client."
}
],
"credit": [
{
"lang": "eng",
"value": "This issue was found during internal security review."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2021-3044",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2021-3044"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XSOAR 6.1.0 build 1271064, Cortex XSOAR 6.2.0 build 1271065, and all later Cortex XSOAR versions."
}
],
"source": {
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2021-06-22T00:00:00",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "en",
"value": "You must revoke all active integration API keys to fully mitigate the impact of this issue.\n\nTo revoke integration API keys from the Cortex XSOAR web client:\nSettings \u003e Integration \u003e API Keys and then Revoke each API key.\n\nYou can create new API keys after you upgrade Cortex XSOAR to a fixed version."
},
{
"lang": "en",
"value": "Restricting network access to the Cortex XSOAR server to allow only trusted users also reduces the impact of this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2021-3044",
"datePublished": "2021-06-22T17:15:11.305119Z",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-09-16T17:23:37.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0027
Vulnerability from cvelistv5
Published
2022-05-11 16:30
Modified
2024-09-16 23:06
Severity ?
EPSS score ?
Summary
An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.paloaltonetworks.com/CVE-2022-0027 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Palo Alto Networks | Cortex XSOAR |
Version: 6.1.* Version: 6.2.* Version: 6.5.* Version: 6.6 < 6.6.0.2585049 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0027"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cortex XSOAR",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "affected",
"version": "6.1.*"
},
{
"status": "affected",
"version": "6.2.*"
},
{
"status": "affected",
"version": "6.5.*"
},
{
"changes": [
{
"at": "6.6.0.2585049",
"status": "unaffected"
}
],
"lessThan": "6.6.0.2585049",
"status": "affected",
"version": "6.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Nelson M. of Black Lantern Security for discovering and reporting this issue."
}
],
"datePublic": "2022-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049."
}
],
"exploits": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T16:30:27",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0027"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XSOAR 6.6.0 build 6.6.0.2585049 and all later Cortex XSOAR versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-05-11T00:00:00",
"value": "Initial publication"
}
],
"title": "Cortex XSOAR: Incorrect Authorization Vulnerability When Generating Reports",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2022-05-11T16:00:00.000Z",
"ID": "CVE-2022-0027",
"STATE": "PUBLIC",
"TITLE": "Cortex XSOAR: Incorrect Authorization Vulnerability When Generating Reports"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cortex XSOAR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.6",
"version_value": "6.6.0.2585049"
},
{
"version_affected": "=",
"version_name": "6.1",
"version_value": "6.1.*"
},
{
"version_affected": "=",
"version_name": "6.2",
"version_value": "6.2.*"
},
{
"version_affected": "=",
"version_name": "6.5",
"version_value": "6.5.*"
},
{
"version_affected": "!\u003e=",
"version_name": "6.6",
"version_value": "6.6.0.2585049"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Nelson M. of Black Lantern Security for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2022-0027",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2022-0027"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XSOAR 6.6.0 build 6.6.0.2585049 and all later Cortex XSOAR versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-05-11T00:00:00",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_advisoryEoL": false,
"x_affectedList": [
"Cortex XSOAR 6.6",
"Cortex XSOAR 6.5",
"Cortex XSOAR 6.2",
"Cortex XSOAR 6.1"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2022-0027",
"datePublished": "2022-05-11T16:30:27.103576Z",
"dateReserved": "2021-12-28T00:00:00",
"dateUpdated": "2024-09-16T23:06:08.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-0003
Vulnerability from cvelistv5
Published
2023-02-08 17:22
Modified
2024-11-27 17:25
Severity ?
EPSS score ?
Summary
A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Palo Alto Networks | Cortex XSOAR |
Version: 6.10.0.0 < 6.10.0.185964 Version: 6.9 < 6.9.B185415 Version: 6.8 < 6.8.B185719 Version: 6.6 < 6.6.B186115 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2023-0003"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T15:05:49.967297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T17:25:42.077Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Cortex XSOAR Server"
],
"product": "Cortex XSOAR",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "8.1 All"
},
{
"changes": [
{
"at": "6.10.0.185964",
"status": "unaffected"
}
],
"lessThan": "6.10.0.185964",
"status": "affected",
"version": "6.10.0.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "6.9.B185415",
"status": "unaffected"
}
],
"lessThan": "6.9.B185415",
"status": "affected",
"version": "6.9",
"versionType": "custom"
},
{
"changes": [
{
"at": "6.8.B185719",
"status": "unaffected"
}
],
"lessThan": "6.8.B185719",
"status": "affected",
"version": "6.8",
"versionType": "custom"
},
{
"changes": [
{
"at": "6.6.B186115",
"status": "unaffected"
}
],
"lessThan": "6.6.B186115",
"status": "affected",
"version": "6.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Palo Alto Networks thanks Eric Turpin for discovering and reporting this issue."
}
],
"datePublic": "2023-02-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.\u003cbr\u003e"
}
],
"value": "A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-08T17:22:07.660Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-0003"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in Cortex XSOAR 6.6 build B186115, Cortex XSOAR 6.8 build B185719, Cortex XSOAR 6.9 build B185415, Cortex XSOAR 6.10 build 185964, and all later builds of Cortex XSOAR.\u003cbr\u003e\u003cbr\u003eNOTE: Cortex XSOAR 6.10.0 build 185964 is generally available for customers to download. Customers using Cortex XSOAR hosted services, and those wanting to upgrade to a non-generally available build, will need to make a Customer Support request at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.paloaltonetworks.com/\"\u003ehttps://support.paloaltonetworks.com/\u003c/a\u003e to upgrade.\u003cbr\u003e"
}
],
"value": "This issue is fixed in Cortex XSOAR 6.6 build B186115, Cortex XSOAR 6.8 build B185719, Cortex XSOAR 6.9 build B185415, Cortex XSOAR 6.10 build 185964, and all later builds of Cortex XSOAR.\n\nNOTE: Cortex XSOAR 6.10.0 build 185964 is generally available for customers to download. Customers using Cortex XSOAR hosted services, and those wanting to upgrade to a non-generally available build, will need to make a Customer Support request at https://support.paloaltonetworks.com/ https://support.paloaltonetworks.com/ to upgrade.\n"
}
],
"source": {
"defect": [
"CRTX-65775"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2023-02-08T17:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XSOAR: Local File Disclosure Vulnerability in the Cortex XSOAR Server",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue.\u003cbr\u003e"
}
],
"value": "There are no known workarounds for this issue.\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2023-0003",
"datePublished": "2023-02-08T17:22:07.660Z",
"dateReserved": "2022-10-27T18:48:12.679Z",
"dateUpdated": "2024-11-27T17:25:42.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9470
Vulnerability from cvelistv5
Published
2024-10-09 17:06
Modified
2024-10-18 11:56
Severity ?
EPSS score ?
Summary
A vulnerability in Cortex XSOAR allows the disclosure of incident data to users who do not have the privilege to view the data.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.paloaltonetworks.com/CVE-2024-9470 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Palo Alto Networks | Cortex XSOAR |
Version: 6.12.0 < 6.12.0 (Build 1271551) cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.12.0:B857430:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.12.0:B661643:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.12.0:B493375:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.12.0:-:*:*:*:*:*:* |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9470",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T17:40:29.962911Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T17:40:40.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.12.0:B857430:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.12.0:B661643:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.12.0:B493375:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.12.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Cortex XSOAR",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "8.0.0"
},
{
"status": "unaffected",
"version": "6.13.0"
},
{
"changes": [
{
"at": "6.12.0 (Build 1271551)",
"status": "unaffected"
}
],
"lessThan": "6.12.0 (Build 1271551)",
"status": "affected",
"version": "6.12.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bobby Roos of Kyndryl CSIRT"
}
],
"datePublic": "2024-10-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in Cortex XSOAR allows the disclosure of incident data to users who do not have the privilege to view the data."
}
],
"value": "A vulnerability in Cortex XSOAR allows the disclosure of incident data to users who do not have the privilege to view the data."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/R:A/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T11:56:57.614Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-9470"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in Cortex XSOAR 6.12.0 (Build 1271551), and all later Cortex XSOAR versions."
}
],
"value": "This issue is fixed in Cortex XSOAR 6.12.0 (Build 1271551), and all later Cortex XSOAR versions."
}
],
"source": {
"defect": [
"CRTX-105114"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-10-09T16:00:00.000Z",
"value": "Initial publication"
}
],
"title": "Cortex XSOAR: Information Disclosure Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-9470",
"datePublished": "2024-10-09T17:06:13.944Z",
"dateReserved": "2024-10-03T11:35:17.024Z",
"dateUpdated": "2024-10-18T11:56:57.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3049
Vulnerability from cvelistv5
Published
2021-09-08 17:10
Modified
2024-09-16 20:58
Severity ?
EPSS score ?
Summary
An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of. This issue impacts: All Cortex XSOAR 5.5.0 builds; Cortex XSOAR 6.1.0 builds earlier than 12099345. This issue does not impact Cortex XSOAR 6.2.0 versions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.paloaltonetworks.com/CVE-2021-3049 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Palo Alto Networks | Cortex XSOAR |
Version: 5.5.0 all Version: 6.1.0 < 12099345 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:45:50.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2021-3049"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cortex XSOAR",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "affected",
"version": "5.5.0 all"
},
{
"status": "unaffected",
"version": "6.2.0 all"
},
{
"changes": [
{
"at": "12099345",
"status": "unaffected"
}
],
"lessThan": "12099345",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks would like to thank CAGIP for discovering and reporting this issue."
}
],
"datePublic": "2021-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of. This issue impacts: All Cortex XSOAR 5.5.0 builds; Cortex XSOAR 6.1.0 builds earlier than 12099345. This issue does not impact Cortex XSOAR 6.2.0 versions."
}
],
"exploits": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-08T17:10:14",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2021-3049"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XSOAR 6.1.0 build 12099345 and all later Cortex XSOAR versions.\n\nThere are currently no Cortex XSOAR 5.5.0 updates available for this issue."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2021-09-08T00:00:00",
"value": "Initial publication"
}
],
"title": "Cortex XSOAR: Improper Authorization of Incident Investigations Vulnerability",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2021-09-08T16:00:00.000Z",
"ID": "CVE-2021-3049",
"STATE": "PUBLIC",
"TITLE": "Cortex XSOAR: Improper Authorization of Incident Investigations Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cortex XSOAR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.1.0",
"version_value": "12099345"
},
{
"version_affected": "=",
"version_name": "5.5.0",
"version_value": "all"
},
{
"version_affected": "!\u003e=",
"version_name": "6.1.0",
"version_value": "12099345"
},
{
"version_affected": "!",
"version_name": "6.2.0",
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks would like to thank CAGIP for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of. This issue impacts: All Cortex XSOAR 5.5.0 builds; Cortex XSOAR 6.1.0 builds earlier than 12099345. This issue does not impact Cortex XSOAR 6.2.0 versions."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2021-3049",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2021-3049"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XSOAR 6.1.0 build 12099345 and all later Cortex XSOAR versions.\n\nThere are currently no Cortex XSOAR 5.5.0 updates available for this issue."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2021-09-08T00:00:00",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_affectedList": [
"Cortex XSOAR 6.1.0",
"Cortex XSOAR 5.5.0"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2021-3049",
"datePublished": "2021-09-08T17:10:14.957161Z",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-09-16T20:58:16.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3034
Vulnerability from cvelistv5
Published
2021-03-10 18:10
Modified
2024-09-16 16:38
Severity ?
EPSS score ?
Summary
An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.paloaltonetworks.com/CVE-2021-3034 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Palo Alto Networks | Cortex XSOAR |
Version: 5.5.0 < 98622 Version: 6.0.2 < 98623 Version: 6.0.1 < 830029 Version: 6.1.0 < 848144 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:45:50.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2021-3034"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cortex XSOAR",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "98622",
"status": "unaffected"
}
],
"lessThan": "98622",
"status": "affected",
"version": "5.5.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "98623",
"status": "unaffected"
}
],
"lessThan": "98623",
"status": "affected",
"version": "6.0.2",
"versionType": "custom"
},
{
"changes": [
{
"at": "830029",
"status": "unaffected"
}
],
"lessThan": "830029",
"status": "affected",
"version": "6.0.1",
"versionType": "custom"
},
{
"changes": [
{
"at": "848144",
"status": "unaffected"
}
],
"lessThan": "848144",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This issue is applicable only to Cortex XSOAR appliances configured to use SAML SSO and where the \u0027Test\u0027 button was used at some point to test the integration during SAML SSO setup."
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Martin Spielmann and Stefan Lubienetzki for discovering and reporting this issue."
}
],
"datePublic": "2021-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the \u0027/var/log/demisto/\u0027 server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144."
}
],
"exploits": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-11T14:22:39",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.paloaltonetworks.com/CVE-2021-3034"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XSOAR 5.5.0 build 98622, Cortex XSOAR 6.0.1 build 830029, Cortex XSOAR 6.0.2 build 98623, Cortex XSOAR 6.1.0 build 848144, and all later Cortex XSOAR versions.\n\nAfter you upgrade the Cortex XSOAR appliance, you must configure a new private key for SAML SSO integration. Clear the server system logs using the instructions provided in the Workarounds and Mitigations section to remove any potentially logged secrets."
}
],
"source": {
"defect": [
"XSOAR-33287"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2021-03-10T00:00:00",
"value": "Initial publication"
}
],
"title": "Cortex XSOAR: Secrets for SAML single sign-on (SSO) integration may be logged in system logs",
"workarounds": [
{
"lang": "en",
"value": "You must configure a new private key for SAML SSO integration and you should not use the \u0027Test\u0027 button at any time during setup until after you complete the Cortex XSOAR upgrade.\n\nYou must clear all server system log files located in the \u0027/var/log/demisto/\u0027 directory. There may be several files in this directory, including the server.log file and other archived server logs.\n\nYou can clear all server system logs by stopping the server and running the \u0027rm /var/log/demisto/server*.log\u0027 command from the console."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2021-03-10T17:00:00.000Z",
"ID": "CVE-2021-3034",
"STATE": "PUBLIC",
"TITLE": "Cortex XSOAR: Secrets for SAML single sign-on (SSO) integration may be logged in system logs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cortex XSOAR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.5.0",
"version_value": "98622"
},
{
"version_affected": "\u003c",
"version_name": "6.0.2",
"version_value": "98623"
},
{
"version_affected": "\u003c",
"version_name": "6.0.1",
"version_value": "830029"
},
{
"version_affected": "\u003c",
"version_name": "6.1.0",
"version_value": "848144"
},
{
"version_affected": "!\u003e=",
"version_name": "5.5.0",
"version_value": "98622"
},
{
"version_affected": "!\u003e=",
"version_name": "6.0.2",
"version_value": "98623"
},
{
"version_affected": "!\u003e=",
"version_name": "6.0.1",
"version_value": "830029"
},
{
"version_affected": "!\u003e=",
"version_name": "6.1.0",
"version_value": "848144"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "This issue is applicable only to Cortex XSOAR appliances configured to use SAML SSO and where the \u0027Test\u0027 button was used at some point to test the integration during SAML SSO setup."
}
],
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Martin Spielmann and Stefan Lubienetzki for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the \u0027/var/log/demisto/\u0027 server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2021-3034",
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2021-3034"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XSOAR 5.5.0 build 98622, Cortex XSOAR 6.0.1 build 830029, Cortex XSOAR 6.0.2 build 98623, Cortex XSOAR 6.1.0 build 848144, and all later Cortex XSOAR versions.\n\nAfter you upgrade the Cortex XSOAR appliance, you must configure a new private key for SAML SSO integration. Clear the server system logs using the instructions provided in the Workarounds and Mitigations section to remove any potentially logged secrets."
}
],
"source": {
"defect": [
"XSOAR-33287"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2021-03-10T00:00:00",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "en",
"value": "You must configure a new private key for SAML SSO integration and you should not use the \u0027Test\u0027 button at any time during setup until after you complete the Cortex XSOAR upgrade.\n\nYou must clear all server system log files located in the \u0027/var/log/demisto/\u0027 directory. There may be several files in this directory, including the server.log file and other archived server logs.\n\nYou can clear all server system logs by stopping the server and running the \u0027rm /var/log/demisto/server*.log\u0027 command from the console."
}
],
"x_affectedList": [
"Cortex XSOAR 6.1.0",
"Cortex XSOAR 6.0.2",
"Cortex XSOAR 6.0.1",
"Cortex XSOAR 5.5.0"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2021-3034",
"datePublished": "2021-03-10T18:10:13.665033Z",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-09-16T16:38:50.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3051
Vulnerability from cvelistv5
Published
2021-09-08 17:10
Modified
2024-09-17 01:10
Severity ?
EPSS score ?
Summary
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds earlier than 1578666. All Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.paloaltonetworks.com/CVE-2021-3051 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Palo Alto Networks | Cortex XSOAR |
Version: 5.5.0 < 1578677 Version: 6.0.2 < 1576452 Version: 6.1.0 < 1578663 Version: 6.2.0 < 1578666 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:45:51.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2021-3051"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cortex XSOAR",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "1578677",
"status": "unaffected"
}
],
"lessThan": "1578677",
"status": "affected",
"version": "5.5.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "1576452",
"status": "unaffected"
}
],
"lessThan": "1576452",
"status": "affected",
"version": "6.0.2",
"versionType": "custom"
},
{
"changes": [
{
"at": "1578663",
"status": "unaffected"
}
],
"lessThan": "1578663",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "1578666",
"status": "unaffected"
}
],
"lessThan": "1578666",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This issue is applicable only to Cortex XSOAR configurations with SAML authentication integration enabled.\n\nYou can determine if your configuration has SAML authentication integration enabled by selecting \u0027Settings \u003e Servers \u0026 Services\u0027 and searching for \u0027SAML\u0027."
}
],
"credits": [
{
"lang": "en",
"value": "This issue was found by a customer of Palo Alto Networks during a security review."
}
],
"datePublic": "2021-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds earlier than 1578666. All Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances."
}
],
"exploits": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-08T17:10:16",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2021-3051"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XSOAR 5.5.0 build 1578677, Cortex XSOAR 6.0.2 build 1576452, Cortex XSOAR 6.1.0 build 1578663, Cortex XSOAR 6.2.0 build 1578666, and all later Cortex XSOAR versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2021-09-08T00:00:00",
"value": "Initial publication"
}
],
"title": "Cortex XSOAR: Authentication Bypass in SAML Authentication",
"workarounds": [
{
"lang": "en",
"value": "To completely prevent this issue from being exploited before you can upgrade your Cortex XSOAR server, disable SAML authentication integration.\n\nYou can also restrict network access to the Cortex XSOAR server to allow only trusted users to further reduce the impact of this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2021-09-08T16:00:00.000Z",
"ID": "CVE-2021-3051",
"STATE": "PUBLIC",
"TITLE": "Cortex XSOAR: Authentication Bypass in SAML Authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cortex XSOAR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.5.0",
"version_value": "1578677"
},
{
"version_affected": "\u003c",
"version_name": "6.0.2",
"version_value": "1576452"
},
{
"version_affected": "\u003c",
"version_name": "6.1.0",
"version_value": "1578663"
},
{
"version_affected": "\u003c",
"version_name": "6.2.0",
"version_value": "1578666"
},
{
"version_affected": "!\u003e=",
"version_name": "5.5.0",
"version_value": "1578677"
},
{
"version_affected": "!\u003e=",
"version_name": "6.0.2",
"version_value": "1576452"
},
{
"version_affected": "!\u003e=",
"version_name": "6.1.0",
"version_value": "1578663"
},
{
"version_affected": "!\u003e=",
"version_name": "6.2.0",
"version_value": "1578666"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "This issue is applicable only to Cortex XSOAR configurations with SAML authentication integration enabled.\n\nYou can determine if your configuration has SAML authentication integration enabled by selecting \u0027Settings \u003e Servers \u0026 Services\u0027 and searching for \u0027SAML\u0027."
}
],
"credit": [
{
"lang": "eng",
"value": "This issue was found by a customer of Palo Alto Networks during a security review."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds earlier than 1578666. All Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347 Improper Verification of Cryptographic Signature"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2021-3051",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2021-3051"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XSOAR 5.5.0 build 1578677, Cortex XSOAR 6.0.2 build 1576452, Cortex XSOAR 6.1.0 build 1578663, Cortex XSOAR 6.2.0 build 1578666, and all later Cortex XSOAR versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2021-09-08T00:00:00",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "en",
"value": "To completely prevent this issue from being exploited before you can upgrade your Cortex XSOAR server, disable SAML authentication integration.\n\nYou can also restrict network access to the Cortex XSOAR server to allow only trusted users to further reduce the impact of this issue."
}
],
"x_affectedList": [
"Cortex XSOAR 6.2.0",
"Cortex XSOAR 6.1.0",
"Cortex XSOAR 6.0.2",
"Cortex XSOAR 5.5.0"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2021-3051",
"datePublished": "2021-09-08T17:10:16.586949Z",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-09-17T01:10:46.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0020
Vulnerability from cvelistv5
Published
2022-02-10 18:10
Modified
2024-09-16 16:53
Severity ?
EPSS score ?
Summary
A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. This issue impacts: All builds of Cortex XSOAR 6.1.0; Cortex XSOAR 6.2.0 builds earlier than build 1958888.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Palo Alto Networks | Cortex XSOAR |
Version: 6.1.0 all Version: 6.2.0 < 1958888 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0020"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171782/Palo-Alto-Cortex-XSOAR-6.5.0-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cortex XSOAR",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "6.5.0 all"
},
{
"status": "affected",
"version": "6.1.0 all"
},
{
"changes": [
{
"at": "1958888",
"status": "unaffected"
}
],
"lessThan": "1958888",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks \u00d6m\u00fcr U\u011fur of T\u00fcrk Telekom for discovering and reporting this issue."
}
],
"datePublic": "2022-02-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. This issue impacts: All builds of Cortex XSOAR 6.1.0; Cortex XSOAR 6.2.0 builds earlier than build 1958888."
}
],
"exploits": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-10T00:00:00",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2022-0020"
},
{
"url": "http://packetstormsecurity.com/files/171782/Palo-Alto-Cortex-XSOAR-6.5.0-Cross-Site-Scripting.html"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in Cortex XSOAR 6.2.0 build 1958888 and all later Cortex XSOAR versions."
}
],
"source": {
"defect": [
"PDV-2194"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-02-09T00:00:00",
"value": "Initial publication"
}
],
"title": "Cortex XSOAR: Stored Cross-Site Scripting (XSS) Vulnerability in Web Interface",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2022-0020",
"datePublished": "2022-02-10T18:10:23.382535Z",
"dateReserved": "2021-12-28T00:00:00",
"dateUpdated": "2024-09-16T16:53:59.807Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}