9.1
CVE-2026-0234
- EPSS 0.23%
- Veröffentlicht 13.04.2026 07:15:03
- Zuletzt bearbeitet 07.07.2026 18:08:26
- Quelle psirt@paloaltonetworks.com
- CVE-Watchlists
- Unerledigt
Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Paloaltonetworks ≫ Cortex Xsiam Version >= 1.5.0 < 1.5.52
Paloaltonetworks ≫ Cortex Xsoar Version >= 1.5.0 < 1.5.52
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.139 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
| psirt@paloaltonetworks.com | 7.2 | 0 | 0 |
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Red
|
CWE-347 Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://security.paloaltonetworks.com/CVE-2026-0234