Authorization

2021-09-0817:15:00

PRIOn knowledge base

www.prio-n.com

4.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of. This issue impacts: All Cortex XSOAR 5.5.0 builds; Cortex XSOAR 6.1.0 builds earlier than 12099345. This issue does not impact Cortex XSOAR 6.2.0 versions.

CPENameOperatorVersion
cortex_xsoareq5.5.0 94592
cortex_xsoareq5.5.0 78518
cortex_xsoareq5.5.0 75211
cortex_xsoareq5.5.0 73387
cortex_xsoareq5.5.0 70066
cortex_xsoareq6.1.0 1016923
cortex_xsoareq6.1.0 1031903
cortex_xsoareq6.1.0 848144
cortex_xsoareq6.1.0 1077664
cortex_xsoareq6.1.0

Name	Operator	Version
cortex_xsoar	eq	5.5.0 94592
cortex_xsoar	eq	5.5.0 78518
cortex_xsoar	eq	5.5.0 75211
cortex_xsoar	eq	5.5.0 73387
cortex_xsoar	eq	5.5.0 70066
cortex_xsoar	eq	6.1.0 1016923
cortex_xsoar	eq	6.1.0 1031903
cortex_xsoar	eq	6.1.0 848144
cortex_xsoar	eq	6.1.0 1077664
cortex_xsoar	eq	6.1.0