Palo Alto Networks Security Advisories / CVE-2022-0027

CVE-2022-0027 Cortex XSOAR: Incorrect Authorization Vulnerability When Generating Reports

047910
Severity 4.3 · MEDIUM
Attack Vector NETWORK
Scope UNCHANGED
Attack Complexity LOW
Confidentiality Impact LOW
Privileges Required LOW
Integrity Impact NONE
User Interaction NONE
Availability Impact NONE

Description

An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access.

This issue impacts:

All versions of Cortex XSOAR 6.1;

All versions of Cortex XSOAR 6.2;

All versions of Cortex XSOAR 6.5;

Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049.

Product Status

VersionsAffectedUnaffected
Cortex XSOAR 6.6< 6.6.0.2585049>= 6.6.0.2585049
Cortex XSOAR 6.56.5.*
Cortex XSOAR 6.26.2.*
Cortex XSOAR 6.16.1.*

Severity:MEDIUM

CVSSv3.1 Base Score:4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-285 Improper Authorization

Solution

This issue is fixed in Cortex XSOAR 6.6.0 build 6.6.0.2585049 and all later Cortex XSOAR versions.

Workarounds and Mitigations

There are no known workarounds for this issue.

Acknowledgments

Palo Alto Networks thanks Nelson M. of Black Lantern Security for discovering and reporting this issue.

Timeline

Initial publication
© 2022 Palo Alto Networks, Inc. All rights reserved.