6.1.0

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

paloaltonetworks

NVD

Published: 2021-09-08

Updated: 2022-07-25

Summary

An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of. This issue impacts: All Cortex XSOAR 5.5.0 builds; Cortex XSOAR 6.1.0 builds earlier than 12099345. This issue does not impact Cortex XSOAR 6.2.0 versions.

Vulnerable Configurations

Part	Description	Count
Application	Paloaltonetworks Paloaltonetworks Cortex Xsoar 5.5.0 Paloaltonetworks Cortex Xsoar 6.1.0	11

References

https://security.paloaltonetworks.com/CVE-2021-3049