// For flags

CVE-2023-0003

Cortex XSOAR: Local File Disclosure Vulnerability in the Cortex XSOAR Server

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.

*Credits: Palo Alto Networks thanks Eric Turpin for discovering and reporting this issue.
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-10-27 CVE Reserved
  • 2023-02-08 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-08-18 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-73: External Control of File Name or Path
  • CWE-610: Externally Controlled Reference to a Resource in Another Sphere
CAPEC
References (11)
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Paloaltonetworks
Search vendor "Paloaltonetworks"
Cortex Xsoar
Search vendor "Paloaltonetworks" for product "Cortex Xsoar"
>= 6.10.0 < 6.10.0.185964
Search vendor "Paloaltonetworks" for product "Cortex Xsoar" and version " >= 6.10.0 < 6.10.0.185964"
-
Affected
Paloaltonetworks
Search vendor "Paloaltonetworks"
Cortex Xsoar
Search vendor "Paloaltonetworks" for product "Cortex Xsoar"
6.6.0
Search vendor "Paloaltonetworks" for product "Cortex Xsoar" and version "6.6.0"
2585049
Affected
Paloaltonetworks
Search vendor "Paloaltonetworks"
Cortex Xsoar
Search vendor "Paloaltonetworks" for product "Cortex Xsoar"
6.6.0
Search vendor "Paloaltonetworks" for product "Cortex Xsoar" and version "6.6.0"
2889656
Affected
Paloaltonetworks
Search vendor "Paloaltonetworks"
Cortex Xsoar
Search vendor "Paloaltonetworks" for product "Cortex Xsoar"
6.6.0
Search vendor "Paloaltonetworks" for product "Cortex Xsoar" and version "6.6.0"
3049220
Affected
Paloaltonetworks
Search vendor "Paloaltonetworks"
Cortex Xsoar
Search vendor "Paloaltonetworks" for product "Cortex Xsoar"
6.6.0
Search vendor "Paloaltonetworks" for product "Cortex Xsoar" and version "6.6.0"
3124193
Affected
Paloaltonetworks
Search vendor "Paloaltonetworks"
Cortex Xsoar
Search vendor "Paloaltonetworks" for product "Cortex Xsoar"
6.8.0
Search vendor "Paloaltonetworks" for product "Cortex Xsoar" and version "6.8.0"
176620
Affected
Paloaltonetworks
Search vendor "Paloaltonetworks"
Cortex Xsoar
Search vendor "Paloaltonetworks" for product "Cortex Xsoar"
6.8.0
Search vendor "Paloaltonetworks" for product "Cortex Xsoar" and version "6.8.0"
3261002
Affected
Paloaltonetworks
Search vendor "Paloaltonetworks"
Cortex Xsoar
Search vendor "Paloaltonetworks" for product "Cortex Xsoar"
6.9.0
Search vendor "Paloaltonetworks" for product "Cortex Xsoar" and version "6.9.0"
130766
Affected
Paloaltonetworks
Search vendor "Paloaltonetworks"
Cortex Xsoar
Search vendor "Paloaltonetworks" for product "Cortex Xsoar"
6.9.0
Search vendor "Paloaltonetworks" for product "Cortex Xsoar" and version "6.9.0"
177754
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
37
Search vendor "Fedoraproject" for product "Fedora" and version "37"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
38
Search vendor "Fedoraproject" for product "Fedora" and version "38"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
39
Search vendor "Fedoraproject" for product "Fedora" and version "39"
-
Affected