Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2021-3049
HistorySep 08, 2021 - 5:15 p.m.

CVE-2021-3049

2021-09-0817:15:11
CWE-285
[email protected]
web.nvd.nist.gov
3
improper authorization
palo alto networks
cortex xsoar
vulnerability
download files
incident investigations

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

22.7%

JSON

An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of. This issue impacts: All Cortex XSOAR 5.5.0 builds; Cortex XSOAR 6.1.0 builds earlier than 12099345. This issue does not impact Cortex XSOAR 6.2.0 versions.

Affected configurations

Nvd
Node
paloaltonetworkscortex_xsoarMatch5.5.0-
OR
paloaltonetworkscortex_xsoarMatch5.5.070066
OR
paloaltonetworkscortex_xsoarMatch5.5.073387
OR
paloaltonetworkscortex_xsoarMatch5.5.075211
OR
paloaltonetworkscortex_xsoarMatch5.5.078518
OR
paloaltonetworkscortex_xsoarMatch5.5.094592
OR
paloaltonetworkscortex_xsoarMatch6.1.0-
OR
paloaltonetworkscortex_xsoarMatch6.1.01016923
OR
paloaltonetworkscortex_xsoarMatch6.1.01031903
OR
paloaltonetworkscortex_xsoarMatch6.1.01077664
OR
paloaltonetworkscortex_xsoarMatch6.1.0848144
VendorProductVersionCPE
paloaltonetworkscortex_xsoar5.5.0cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:-:*:*:*:*:*:*
paloaltonetworkscortex_xsoar5.5.0cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:70066:*:*:*:*:*:*
paloaltonetworkscortex_xsoar5.5.0cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:73387:*:*:*:*:*:*
paloaltonetworkscortex_xsoar5.5.0cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:75211:*:*:*:*:*:*
paloaltonetworkscortex_xsoar5.5.0cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:78518:*:*:*:*:*:*
paloaltonetworkscortex_xsoar5.5.0cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:94592:*:*:*:*:*:*
paloaltonetworkscortex_xsoar6.1.0cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:-:*:*:*:*:*:*
paloaltonetworkscortex_xsoar6.1.0cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1016923:*:*:*:*:*:*
paloaltonetworkscortex_xsoar6.1.0cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1031903:*:*:*:*:*:*
paloaltonetworkscortex_xsoar6.1.0cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1077664:*:*:*:*:*:*
Rows per page:
1-10 of 111

Related

prion 1
cvelist 1
cve 1
paloalto 1
prion
prion
Authorization
2021-09-08 17:15:00
cvelist
cvelist
CVE-2021-3049 Cortex XSOAR: Improper Authorization of Incident Investigations Vulnerability
2021-09-08 17:10:14
cve
cve
CVE-2021-3049
2021-09-08 17:15:11
paloalto
paloalto
Cortex XSOAR: Improper Authorization of Incident Investigations Vulnerability
2021-09-08 16:00:00

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

22.7%

JSON
Related for NVD:CVE-2021-3049
prion1cvelist1cve1paloalto1