4 results (0.007 seconds)

CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0

A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine. Una vulnerabilidad de escalada de privilegios local (PE) en el software del motor Cortex XSOAR de Palo Alto Networks que se ejecuta en un sistema operativo Linux permite a un atacante local ejecutar programas con privilegios elevados si el atacante tiene acceso de shell al motor. • https://security.paloaltonetworks.com/CVE-2023-3282 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0

A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server. • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE https://lists.fedoraproject.org/archives/list/package-announce@lists.fe • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •

CVSS: 6.7EPSS: 0%CPEs: 9EXPL: 0

A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges. Una vulnerabilidad de Escalada de Privilegios (PE) locales en el software del motor Cortex XSOAR de Palo Alto Networks que se ejecuta en un Sistema Operativo Linux permite a un atacante local con acceso de shell al motor, ejecutar programas con privilegios elevados. • https://security.paloaltonetworks.com/CVE-2022-0031 • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049. Una vulnerabilidad de autorización inapropiada en el software Cortex XSOAR de Palo Alto Network permite a usuarios autenticados en grupos de sólo lectura generar un informe de correo electrónico que contiene información resumida sobre todos los incidentes en la instancia de Cortex XSOAR, incluidos los incidentes a los que el usuario no presenta acceso. Este problema afecta: Todas las versiones de Cortex XSOAR 6.1; Todas las versiones de Cortex XSOAR 6.2; Todas las versiones de Cortex XSOAR 6.5; Versiones de Cortex XSOAR 6.6 anteriores a Cortex XSOAR 6.6.0 build 6.6.0.2585049 • https://security.paloaltonetworks.com/CVE-2022-0027 • CWE-285: Improper Authorization •