CVE-2022-0020 - OpenCVE

A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. This issue impacts: All builds of Cortex XSOAR 6.1.0; Cortex XSOAR 6.2.0 builds earlier than build 1958888.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Paloaltonetworks	Cortex Xsoar

Configuration 1 [-]

OR	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:-::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1016923::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1031903::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1077664::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1209934::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1271079::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:848144::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:-::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:1271082::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:1321594::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:1473927::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:1578666::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:1822745::::::

References

Link	Resource
http://packetstormsecurity.com/files/171782/Palo-Alto-Cortex-XSOAR-6.5.0-Cross-Site-Scripting.html
https://security.paloaltonetworks.com/CVE-2022-0020	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: palo_alto

Published: 2022-02-10T00:00:00

Updated: 2023-04-10T00:00:00

Reserved: 2021-12-28T00:00:00

Link: CVE-2022-0020

JSON object: View

NVD Information

Status : Modified

Published: 2022-02-10T18:15:08.747

Modified: 2023-04-10T20:15:07.553

Link: CVE-2022-0020

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-0020", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "dateUpdated": "2023-04-10T00:00:00", "dateReserved": "2021-12-28T00:00:00", "datePublished": "2022-02-10T00:00:00"}, "containers": {"cna": {"title": "Cortex XSOAR: Stored Cross-Site Scripting (XSS) Vulnerability in Web Interface", "datePublic": "2022-02-09T00:00:00", "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2023-04-10T00:00:00"}, "descriptions": [{"lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. This issue impacts: All builds of Cortex XSOAR 6.1.0; Cortex XSOAR 6.2.0 builds earlier than build 1958888."}], "affected": [{"vendor": "Palo Alto Networks", "product": "Cortex XSOAR", "versions": [{"version": "6.5.0 all", "status": "unaffected"}, {"version": "6.1.0 all", "status": "affected"}, {"version": "6.2.0", "status": "affected", "lessThan": "1958888", "versionType": "custom", "changes": [{"at": "1958888", "status": "unaffected"}]}]}], "references": [{"url": "https://security.paloaltonetworks.com/CVE-2022-0020"}, {"url": "http://packetstormsecurity.com/files/171782/Palo-Alto-Cortex-XSOAR-6.5.0-Cross-Site-Scripting.html"}], "credits": [{"lang": "en", "value": "Palo Alto Networks thanks \u00d6m\u00fcr U\u011fur of T\u00fcrk Telekom for discovering and reporting this issue."}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-79 Cross-site Scripting (XSS)", "cweId": "CWE-79"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"defect": ["PDV-2194"], "discovery": "EXTERNAL"}, "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue."}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "timeline": [{"lang": "en", "time": "2022-02-09T00:00:00", "value": "Initial publication"}], "solutions": [{"lang": "en", "value": "This issue is fixed in Cortex XSOAR 6.2.0 build 1958888 and all later Cortex XSOAR versions."}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "FA3AD87F-BF18-48A2-8344-197185D974B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1016923:*:*:*:*:*:*", "matchCriteriaId": "F3462449-36BD-4FB6-BB40-B06F0EDE570A", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1031903:*:*:*:*:*:*", "matchCriteriaId": "5ED03A42-9D5F-4347-BA8D-DA1B5D5C771A", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1077664:*:*:*:*:*:*", "matchCriteriaId": "41C31238-7B7A-4057-867B-B3A35690A77A", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1209934:*:*:*:*:*:*", "matchCriteriaId": "AA263B4A-4954-4A7F-B202-D31636B210E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1271079:*:*:*:*:*:*", "matchCriteriaId": "6E56CB67-2C93-4AD4-87B4-31B337D99B5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:848144:*:*:*:*:*:*", "matchCriteriaId": "6CE8BB23-1EEA-41EF-BEC5-EAC5DE7F095F", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "9E7FE2E0-AA0B-4D86-B5B3-4E1417691CC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:1271082:*:*:*:*:*:*", "matchCriteriaId": "41AE1B48-EB15-4249-97B0-FF8BDF6A783A", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:1321594:*:*:*:*:*:*", "matchCriteriaId": "AAC380C5-0CD4-4FEF-BF40-A06BFF5BA084", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:1473927:*:*:*:*:*:*", "matchCriteriaId": "AC26F0D1-53C8-40A5-AE07-7064D45E08DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:1578666:*:*:*:*:*:*", "matchCriteriaId": "F77199FC-169A-4752-A45A-73C664A98457", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:1822745:*:*:*:*:*:*", "matchCriteriaId": "1A82DA38-977E-4B75-BF76-825254B1CD2C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. This issue impacts: All builds of Cortex XSOAR 6.1.0; Cortex XSOAR 6.2.0 builds earlier than build 1958888."}, {"lang": "es", "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en la interfaz web de Palo Alto Network Cortex XSOAR permite a un atacante autenticado basado en la red almacenar una carga \u00fatil de javascript persistente que llevar\u00e1 a cabo acciones arbitrarias en la interfaz web de Cortex XSOAR en nombre de los administradores autenticados que encuentren la carga \u00fatil durante las operaciones normales. Este problema afecta: Todas las versiones de Cortex XSOAR 6.1.0; versiones de Cortex XSOAR 6.2.0 anteriores a la versi\u00f3n 1958888"}], "id": "CVE-2022-0020", "lastModified": "2023-04-10T20:15:07.553", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2022-02-10T18:15:08.747", "references": [{"source": "psirt@paloaltonetworks.com", "url": "http://packetstormsecurity.com/files/171782/Palo-Alto-Cortex-XSOAR-6.5.0-Cross-Site-Scripting.html"}, {"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2022-0020"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}