Palo Alto Networks Security Advisories / CVE-2021-3049

CVE-2021-3049 Cortex XSOAR: Improper Authorization of Incident Investigations Vulnerability

Severity 2.6 · LOW
Attack Vector NETWORK
Attack Complexity HIGH
Confidentiality Impact LOW
Privileges Required LOW
Integrity Impact NONE
User Interaction REQUIRED
Availability Impact NONE


An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of.

This issue impacts:

All Cortex XSOAR 5.5.0 builds;

Cortex XSOAR 6.1.0 builds earlier than 12099345.

This issue does not impact Cortex XSOAR 6.2.0 versions.

Product Status

Cortex XSOAR 6.2.0Noneall
Cortex XSOAR 6.1.0< 12099345>= 12099345
Cortex XSOAR 5.5.0all

Severity: LOW

CVSSv3.1 Base Score: 2.6 (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-285 Improper Authorization


This issue is fixed in Cortex XSOAR 6.1.0 build 12099345 and all later Cortex XSOAR versions.

There are currently no Cortex XSOAR 5.5.0 updates available for this issue.

Workarounds and Mitigations

There are no known workarounds for this issue.


Palo Alto Networks would like to thank CAGIP for discovering and reporting this issue.


Initial publication
© 2024 Palo Alto Networks, Inc. All rights reserved.