CVE-2023-3282 – Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine
https://notcve.org/view.php?id=CVE-2023-3282
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine. Una vulnerabilidad de escalada de privilegios local (PE) en el software del motor Cortex XSOAR de Palo Alto Networks que se ejecuta en un sistema operativo Linux permite a un atacante local ejecutar programas con privilegios elevados si el atacante tiene acceso de shell al motor. • https://security.paloaltonetworks.com/CVE-2023-3282 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2022-0027 – Cortex XSOAR: Incorrect Authorization Vulnerability When Generating Reports
https://notcve.org/view.php?id=CVE-2022-0027
An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049. Una vulnerabilidad de autorización inapropiada en el software Cortex XSOAR de Palo Alto Network permite a usuarios autenticados en grupos de sólo lectura generar un informe de correo electrónico que contiene información resumida sobre todos los incidentes en la instancia de Cortex XSOAR, incluidos los incidentes a los que el usuario no presenta acceso. Este problema afecta: Todas las versiones de Cortex XSOAR 6.1; Todas las versiones de Cortex XSOAR 6.2; Todas las versiones de Cortex XSOAR 6.5; Versiones de Cortex XSOAR 6.6 anteriores a Cortex XSOAR 6.6.0 build 6.6.0.2585049 • https://security.paloaltonetworks.com/CVE-2022-0027 • CWE-285: Improper Authorization •
CVE-2022-0020 – Cortex XSOAR: Stored Cross-Site Scripting (XSS) Vulnerability in Web Interface
https://notcve.org/view.php?id=CVE-2022-0020
A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. This issue impacts: All builds of Cortex XSOAR 6.1.0; Cortex XSOAR 6.2.0 builds earlier than build 1958888. Una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en la interfaz web de Palo Alto Network Cortex XSOAR permite a un atacante autenticado basado en la red almacenar una carga útil de javascript persistente que llevará a cabo acciones arbitrarias en la interfaz web de Cortex XSOAR en nombre de los administradores autenticados que encuentren la carga útil durante las operaciones normales. Este problema afecta: Todas las versiones de Cortex XSOAR 6.1.0; versiones de Cortex XSOAR 6.2.0 anteriores a la versión 1958888 Palo Alto Cortex XSOAR version 6.5.0 suffers from a persistent cross site scripting vulnerability. • https://www.exploit-db.com/exploits/51343 http://packetstormsecurity.com/files/171782/Palo-Alto-Cortex-XSOAR-6.5.0-Cross-Site-Scripting.html https://security.paloaltonetworks.com/CVE-2022-0020 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-3051 – Cortex XSOAR: Authentication Bypass in SAML Authentication
https://notcve.org/view.php?id=CVE-2021-3051
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds earlier than 1578666. All Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances. Se presenta una vulnerabilidad de verificación inapropiada de la firma criptográfica en la autenticación SAML de Cortex XSOAR que permite a un atacante no autenticado basado en la red con conocimiento específico de la instancia de Cortex XSOAR acceder a recursos protegidos y llevar a cabo acciones no autorizadas en el servidor de Cortex XSOAR. Este problema afecta: Cortex XSOAR 5.5.0 builds anteriores a 1578677; Cortex XSOAR 6.0.2 builds anteriores a 1576452; Cortex XSOAR 6.1.0 builds anteriores a 1578663; Cortex XSOAR 6.2.0 builds anteriores a 1578666. • https://security.paloaltonetworks.com/CVE-2021-3051 • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2021-3044 – Cortex XSOAR: Unauthorized Usage of the REST API
https://notcve.org/view.php?id=CVE-2021-3044
An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances. • https://security.paloaltonetworks.com/CVE-2021-3044 • CWE-285: Improper Authorization •