Vulnerabilities > Paloaltonetworks > Cortex Xsoar > 6.2.0

DATE CVE VULNERABILITY TITLE RISK
2023-11-08 CVE-2023-3282 Incorrect Permission Assignment for Critical Resource vulnerability in Paloaltonetworks Cortex Xsoar
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine.
local
low complexity
paloaltonetworks CWE-732
6.7
2022-05-11 CVE-2022-0027 Unspecified vulnerability in Paloaltonetworks Cortex Xsoar
An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access.
network
low complexity
paloaltonetworks
4.3
2022-02-10 CVE-2022-0020 Cross-site Scripting vulnerability in Paloaltonetworks Cortex Xsoar 6.1.0/6.2.0
A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations.
network
low complexity
paloaltonetworks CWE-79
5.4
2021-09-08 CVE-2021-3051 Improper Verification of Cryptographic Signature vulnerability in Paloaltonetworks Cortex Xsoar
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server.
network
high complexity
paloaltonetworks CWE-347
8.1