Vulnerability Description
An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Paloaltonetworks | Cortex Xsoar | >= 6.6.0, < 6.6.0.2585049 |
Related Weaknesses (CWE)
References
- https://security.paloaltonetworks.com/CVE-2022-0027Vendor Advisory
- https://security.paloaltonetworks.com/CVE-2022-0027Vendor Advisory
FAQ
What is CVE-2022-0027?
CVE-2022-0027 is a vulnerability with a CVSS score of 4.3 (MEDIUM). An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information abo...
How severe is CVE-2022-0027?
CVE-2022-0027 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-0027?
Check the references section above for vendor advisories and patch information. Affected products include: Paloaltonetworks Cortex Xsoar.