4.3
CVE-2021-3049
- EPSS 0.11%
- Veröffentlicht 08.09.2021 17:15:11
- Zuletzt bearbeitet 21.11.2024 06:20:50
- Quelle psirt@paloaltonetworks.com
- CVE-Watchlists
- Unerledigt
LoginCortex XSOAR: Improper Authorization of Incident Investigations Vulnerability
An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of. This issue impacts: All Cortex XSOAR 5.5.0 builds; Cortex XSOAR 6.1.0 builds earlier than 12099345. This issue does not impact Cortex XSOAR 6.2.0 versions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Paloaltonetworks ≫ Cortex Xsoar Version5.5.0 Update-
Paloaltonetworks ≫ Cortex Xsoar Version5.5.0 Update70066
Paloaltonetworks ≫ Cortex Xsoar Version5.5.0 Update73387
Paloaltonetworks ≫ Cortex Xsoar Version5.5.0 Update75211
Paloaltonetworks ≫ Cortex Xsoar Version5.5.0 Update78518
Paloaltonetworks ≫ Cortex Xsoar Version5.5.0 Update94592
Paloaltonetworks ≫ Cortex Xsoar Version6.1.0 Update-
Paloaltonetworks ≫ Cortex Xsoar Version6.1.0 Update1016923
Paloaltonetworks ≫ Cortex Xsoar Version6.1.0 Update1031903
Paloaltonetworks ≫ Cortex Xsoar Version6.1.0 Update1077664
Paloaltonetworks ≫ Cortex Xsoar Version6.1.0 Update848144
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.267 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
| psirt@paloaltonetworks.com | 2.6 | 1.2 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
|
CWE-285 Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.