CVE Vulnerability

CVE-2022-0027

An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049.

4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

4.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://security.paloaltonetworks.com/CVE-2022-0027 Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xsoar:*:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.5.0:-:*:*:*:*:*:*
Information

Published : 2022-05-11 05:15

Updated : 2022-05-20 01:30

NVD link : CVE-2022-0027

Mitre link : CVE-2022-0027

Products Affected

Cortex Xsoar

Paloaltonetworks

CWE
CWE-863