Paloaltonetworks

Cortex Xsoar

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2026-0234

Medienbericht
  • EPSS 0.03%
  • Veröffentlicht 13.04.2026 07:15:03
  • Zuletzt bearbeitet 13.04.2026 15:01:43

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.

5.3

CVE-2024-9470

  • EPSS 0.23%
  • Veröffentlicht 09.10.2024 17:15:20
  • Zuletzt bearbeitet 15.04.2026 00:35:42

A vulnerability in Cortex XSOAR allows the disclosure of incident data to users who do not have the privilege to view the data.

6.7

CVE-2023-3282

  • EPSS 0.03%
  • Veröffentlicht 08.11.2023 18:15:07
  • Zuletzt bearbeitet 21.11.2024 08:16:55

A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the e...

6.5

CVE-2023-0003

  • EPSS 1.05%
  • Veröffentlicht 08.02.2023 18:15:11
  • Zuletzt bearbeitet 13.02.2025 17:15:52

A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.

6.7

CVE-2022-0031

  • EPSS 0.02%
  • Veröffentlicht 09.11.2022 18:15:12
  • Zuletzt bearbeitet 21.11.2024 06:37:51

A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges.

4.3

CVE-2022-0027

  • EPSS 0.15%
  • Veröffentlicht 11.05.2022 17:15:09
  • Zuletzt bearbeitet 21.11.2024 06:37:50

An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, inc...

5.4

CVE-2022-0020

  • EPSS 1.01%
  • Veröffentlicht 10.02.2022 18:15:08
  • Zuletzt bearbeitet 21.11.2024 06:37:50

A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web int...

4.3

CVE-2021-3049

  • EPSS 0.11%
  • Veröffentlicht 08.09.2021 17:15:11
  • Zuletzt bearbeitet 21.11.2024 06:20:50

An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are n...

8.1

CVE-2021-3051

  • EPSS 0.14%
  • Veröffentlicht 08.09.2021 17:15:11
  • Zuletzt bearbeitet 21.11.2024 06:20:51

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and...

7.5

CVE-2021-3044

  • EPSS 0.36%
  • Veröffentlicht 22.06.2021 18:15:08
  • Zuletzt bearbeitet 21.11.2024 06:20:49

An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR...