CVE-2022-0027

EPSS 0.29%
Veröffentlicht 11.05.2022 17:15:09
Zuletzt bearbeitet 21.11.2024 06:37:50
Quelle psirt@paloaltonetworks.com
CVE-Watchlists
Login
Unerledigt
Login

An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Paloaltonetworks ≫ Cortex Xsoar Version >= 6.6.0 < 6.6.0.2585049

Paloaltonetworks ≫ Cortex Xsoar Version6.1.0 Update-

Paloaltonetworks ≫ Cortex Xsoar Version6.2.0 Update-

Paloaltonetworks ≫ Cortex Xsoar Version6.5.0 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.29%	0.515

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
psirt@paloaltonetworks.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

https://security.paloaltonetworks.com/CVE-2022-0027

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-0027

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-0027

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-0027

EUVD