CVE-2021-3049 — Improper Authorization in Palo Alto Networks Cortex Xsoar

CWE-285 — Improper Authorization CWE-863 — Incorrect Authorization4 documents4 sources

Severity

4.3MEDIUMNVD

CNA2.6

EPSS

0.1%

top 70.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Cortex Xsoar Paloaltonetworks Cortex Xsoar Paloalto Cortex Xsoar

Timeline

PublishedSep 8

Latest updateMay 24

Description

An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of. This issue impacts: All Cortex XSOAR 5.5.0 builds; Cortex XSOAR 6.1.0 builds earlier than 12099345. This issue does not impact Cortex XSOAR 6.2.0 versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5palo_alto_networks/cortex_xsoar6.1.0 — 12099345+1

▶NVDpaloaltonetworks/cortex_xsoar5.5.0, 6.1.0+1

▶Palo Altopaloalto/cortex_xsoar

🔴Vulnerability Details

GHSA

GHSA-j74x-6rh4-f7q2: An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigati↗2022-05-24

▶

CVEList

Cortex XSOAR: Improper Authorization of Incident Investigations Vulnerability↗2021-09-08

▶

📋Vendor Advisories

Palo Alto

Cortex XSOAR: Improper Authorization of Incident Investigations Vulnerability↗2021-09-08

▶