Palo Alto Networks Security Advisories / CVE-2022-0027

CVE-2022-0027 Cortex XSOAR: Incorrect Authorization Vulnerability When Generating Reports

Severity 4.3 · MEDIUM
Attack Vector NETWORK
Attack Complexity LOW
Confidentiality Impact LOW
Privileges Required LOW
Integrity Impact NONE
User Interaction NONE
Availability Impact NONE


An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access.

This issue impacts:

All versions of Cortex XSOAR 6.1;

All versions of Cortex XSOAR 6.2;

All versions of Cortex XSOAR 6.5;

Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build

Product Status

Cortex XSOAR 6.6<>=
Cortex XSOAR 6.56.5.*
Cortex XSOAR 6.26.2.*
Cortex XSOAR 6.16.1.*


CVSSv3.1 Base Score:4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-285 Improper Authorization


This issue is fixed in Cortex XSOAR 6.6.0 build and all later Cortex XSOAR versions.

Workarounds and Mitigations

There are no known workarounds for this issue.


Palo Alto Networks thanks Nelson M. of Black Lantern Security for discovering and reporting this issue.


Initial publication
© 2023 Palo Alto Networks, Inc. All rights reserved.