Vulnerabilities > Paloaltonetworks > Cortex Xsoar > 5.5.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-08 | CVE-2023-3282 | Incorrect Permission Assignment for Critical Resource vulnerability in Paloaltonetworks Cortex Xsoar A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine. | 6.7 |
| 2021-09-08 | CVE-2021-3049 | Unspecified vulnerability in Paloaltonetworks Cortex Xsoar 5.5.0/6.1.0 An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of. | 4.0 |
| 2021-09-08 | CVE-2021-3051 | Improper Verification of Cryptographic Signature vulnerability in Paloaltonetworks Cortex Xsoar An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. | 6.8 |
| 2021-03-10 | CVE-2021-3034 | Information Exposure Through Log Files vulnerability in Paloaltonetworks Cortex Xsoar An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. | 3.6 |