3 results (0.007 seconds)

CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0

A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine. Una vulnerabilidad de escalada de privilegios local (PE) en el software del motor Cortex XSOAR de Palo Alto Networks que se ejecuta en un sistema operativo Linux permite a un atacante local ejecutar programas con privilegios elevados si el atacante tiene acceso de shell al motor. • https://security.paloaltonetworks.com/CVE-2023-3282 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0

A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server. • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE https://lists.fedoraproject.org/archives/list/package-announce@lists.fe • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •

CVSS: 6.7EPSS: 0%CPEs: 9EXPL: 0

A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges. Una vulnerabilidad de Escalada de Privilegios (PE) locales en el software del motor Cortex XSOAR de Palo Alto Networks que se ejecuta en un Sistema Operativo Linux permite a un atacante local con acceso de shell al motor, ejecutar programas con privilegios elevados. • https://security.paloaltonetworks.com/CVE-2022-0031 • CWE-345: Insufficient Verification of Data Authenticity •