CVE-2022-0027

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 11-05-2022 07:15

Last modified: - 20-05-2022 03:30

Total changes: - 2

Description

An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

Low

Confidentiality

None

Integrity

Low

Privileges required

Unchanged

Scope

None

User interaction

4.3

Base score

2.8

1.4

Exploitability score

Impact score

Verification logic

vendor=paloaltonetworks AND product=cortex_xsoar AND version=6.2.0 AND update=-

vendor=paloaltonetworks AND product=cortex_xsoar AND version=6.1.0 AND update=-

vendor=paloaltonetworks AND product=cortex_xsoar AND versionStartIncluding=6.6.0 AND versionEndExcluding=6.6.0.2585049

vendor=paloaltonetworks AND product=cortex_xsoar AND version=6.5.0 AND update=-

Reference

https://security.paloaltonetworks.com/CVE-2022-0027

Keywords

CVE-2022-0027

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2022-0027

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures