CVE-2022-0027Improper Authorization in Palo Alto Networks Cortex Xsoar

CWE-285Improper AuthorizationCWE-863Incorrect AuthorizationCWE-94Code InjectionCWE-502Deserialization of Untrusted Data6 documents6 sources
Severity
4.3MEDIUMNVD
CISA8.5
EPSS
0.1%
top 64.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Palo Alto Networks Cortex XsoarPaloaltonetworks Cortex XsoarPaloalto Cortex Xsoar
Timeline
PublishedMay 11
Latest updateMar 10

Description

An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

NVDpaloaltonetworks/cortex_xsoar6.6.06.6.0.2585049+3
CVEListV5palo_alto_networks/cortex_xsoar6.66.6.0.2585049+3

🔴Vulnerability Details

2
GHSA
GHSA-386g-pgm8-cfcr: An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an2022-05-12
CVEList
Cortex XSOAR: Incorrect Authorization Vulnerability When Generating Reports2022-05-11

📋Vendor Advisories

3
CISA
XStream Remote Code Execution Vulnerability2023-03-10
VMware
VMware Cloud Foundation updates address multiple vulnerabilities.2022-10-25
Palo Alto
Cortex XSOAR: Incorrect Authorization Vulnerability When Generating Reports2022-05-11
CVE-2022-0027 — Improper Authorization in Palo | cvebase