Lucene search

Palo_altoCVELIST:CVE-2023-0003

HistoryFeb 08, 2023 - 5:22 p.m.

CVE-2023-0003 Cortex XSOAR: Local File Disclosure Vulnerability in the Cortex XSOAR Server

2023-02-0817:22:07

CWE-73

palo_alto

www.cve.org

cortex xsoar

vulnerability

authenticated user

local files

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.1%

JSON

A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Cortex XSOAR Server"
    ],
    "product": "Cortex XSOAR",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "status": "unaffected",
        "version": "8.1 All"
      },
      {
        "changes": [
          {
            "at": "6.10.0.185964",
            "status": "unaffected"
          }
        ],
        "lessThan": "6.10.0.185964",
        "status": "affected",
        "version": "6.10.0.0",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "6.9.B185415",
            "status": "unaffected"
          }
        ],
        "lessThan": "6.9.B185415",
        "status": "affected",
        "version": "6.9",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "6.8.B185719",
            "status": "unaffected"
          }
        ],
        "lessThan": "6.8.B185719",
        "status": "affected",
        "version": "6.8",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "6.6.B186115",
            "status": "unaffected"
          }
        ],
        "lessThan": "6.6.B186115",
        "status": "affected",
        "version": "6.6",
        "versionType": "custom"
      }
    ]
  }
]

References

lists.fedoraproject.org/archives/list/[email protected]/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/

lists.fedoraproject.org/archives/list/[email protected]/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/

lists.fedoraproject.org/archives/list/[email protected]/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/

lists.fedoraproject.org/archives/list/[email protected]/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE/

lists.fedoraproject.org/archives/list/[email protected]/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/

lists.fedoraproject.org/archives/list/[email protected]/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/

lists.fedoraproject.org/archives/list/[email protected]/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY/

lists.fedoraproject.org/archives/list/[email protected]/message/VEEQIN5242K5NBE2CZ4DYTNA5B4YTYE5/

lists.fedoraproject.org/archives/list/[email protected]/message/VKFMKD4MJZIKFQJAAJ4VZ2FHIJ764A76/

lists.fedoraproject.org/archives/list/[email protected]/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/

security.paloaltonetworks.com/CVE-2023-0003

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.1%

JSON

Related for CVELIST:CVE-2023-0003