CVE-2022-0027
Summary
| CVE | CVE-2022-0027 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-05-11 17:15:00 UTC |
| Updated | 2023-06-26 17:59:00 UTC |
| Description | An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Paloaltonetworks | Cortex Xsoar | All | All | All | All |
| Application | Paloaltonetworks | Cortex Xsoar | 6.1.0 | - | All | All |
| Application | Paloaltonetworks | Cortex Xsoar | 6.2.0 | - | All | All |
| Application | Paloaltonetworks | Cortex Xsoar | 6.5.0 | - | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2022-0027 Cortex XSOAR: Incorrect Authorization Vulnerability When Generating Reports | MISC | security.paloaltonetworks.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Palo Alto Networks thanks Nelson M. of Black Lantern Security for discovering and reporting this issue.
There are currently no legacy QID mappings associated with this CVE.