CVE-2022-0027
Published 2022-05-11
CVE-2022-0027: An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email…
Priority: P4 · 22 · medium · CVSS 3.1: 4.3
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.50% (39.0th percentile)
An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049.
Affected (9 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | cortex_xsoar | — | — |
| palo_alto_networks | cortex_xsoar | — | — |
| palo_alto_networks | cortex_xsoar | — | — |
| palo_alto_networks | cortex_xsoar | >= 6.6 < 6.6.0.2585049 | 6.6.0.2585049 |
| paloalto | cortex_xsoar | — | — |
| paloaltonetworks | cortex_xsoar | — | — |
| paloaltonetworks | cortex_xsoar | — | — |
| paloaltonetworks | cortex_xsoar | — | — |
| paloaltonetworks | cortex_xsoar | >= 6.6.0 < 6.6.0.2585049 | 6.6.0.2585049 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| cisa | — | 8.5 | HIGH | — |
CISA
XStream Remote Code Execution Vulnerability
cisa·2023-03-10·CVSS 8.5
CVE-2021-39144 [HIGH] CWE-94 XStream Remote Code Execution Vulnerability
Vulnerability: XStream Remote Code Execution Vulnerability
Affected: XStream XStream
XStream contains a remote code execution vulnerability that allows an attacker to manipulate the processed input stream and replace or inject objects that result in the execution of a local command on the server. This vulnerability can affect multiple products, including but not limited to VMware Cloud Foundation.
Required Action: Apply updates per vendor instructions.
Notes: https://www.vmware.com/security/advisories/VMSA-2022-0027.html, https://x-stream.github.io/CVE-2021-39144.html; https://nvd.nist.gov/vuln/detail/CVE-2021-39144
Remediation Due Date: 2023-03-31
VMware
VMware Cloud Foundation updates address multiple vulnerabilities.
vendor_vmware·2022-10-25·CVSS 8.5
CVE-2021-39144 [HIGH] VMware Cloud Foundation updates address multiple vulnerabilities.
VMSA-2022-0027: VMware Cloud Foundation updates address multiple vulnerabilities.
VMware Cloud Foundation contains a remote code execution vulnerability via XStream open source library. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
CVEs: CVE-2021-39144, CVE-2022-31678
Affected products: VMware Cloud Foundation
Palo Alto
Cortex XSOAR: Incorrect Authorization Vulnerability When Generating Reports
vendor_paloalto·2022-05-11·CVSS 4.3
CVE-2022-0027 [MEDIUM] CWE-285 Cortex XSOAR: Incorrect Authorization Vulnerability When Generating Reports
Cortex XSOAR: Incorrect Authorization Vulnerability When Generating Reports
An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access.
Affected products: Cortex XSOAR
Solution: This issue is fixed in Cortex XSOAR 6.6.0 build 6.6.0.2585049 and all later Cortex XSOAR versions.
Workaround: There are no known workarounds for this issue.
GHSA
GHSA-386g-pgm8-cfcr: An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an
ghsa_unreviewed·2022-05-12
CVE-2022-0027 [MEDIUM] CWE-285 GHSA-386g-pgm8-cfcr: An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an
An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-05-11