An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of.
This issue impacts:
All Cortex XSOAR 5.5.0 builds;
Cortex XSOAR 6.1.0 builds earlier than 12099345.
This issue does not impact Cortex XSOAR 6.2.0 versions.
|Cortex XSOAR 6.2.0||None||all|
|Cortex XSOAR 6.1.0||< 12099345||>= 12099345|
|Cortex XSOAR 5.5.0||all|
CVSSv3.1 Base Score: 2.6 (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N)
Palo Alto Networks is not aware of any malicious exploitation of this issue.
This issue is fixed in Cortex XSOAR 6.1.0 build 12099345 and all later Cortex XSOAR versions.
There are currently no Cortex XSOAR 5.5.0 updates available for this issue.
There are no known workarounds for this issue.