CVE-2022-0027 - OpenCVE

An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Paloaltonetworks	Cortex Xsoar

Configuration 1 [-]

OR	cpe:2.3:a:paloaltonetworks:cortex_xsoar::::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:-::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:-::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.5.0:-::::::

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2022-0027	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: palo_alto

Published: 2022-05-11T00:00:00

Updated: 2022-05-11T16:30:27

Reserved: 2021-12-28T00:00:00

Link: CVE-2022-0027

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-05-11T17:15:09.343

Modified: 2023-06-26T17:59:39.267

Link: CVE-2022-0027

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Cortex XSOAR", "vendor": "Palo Alto Networks", "versions": [{"status": "affected", "version": "6.1.*"}, {"status": "affected", "version": "6.2.*"}, {"status": "affected", "version": "6.5.*"}, {"changes": [{"at": "6.6.0.2585049", "status": "unaffected"}], "lessThan": "6.6.0.2585049", "status": "affected", "version": "6.6", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Palo Alto Networks thanks Nelson M. of Black Lantern Security for discovering and reporting this issue."}], "datePublic": "2022-05-11T00:00:00", "descriptions": [{"lang": "en", "value": "An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049."}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-11T16:30:27", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.paloaltonetworks.com/CVE-2022-0027"}], "solutions": [{"lang": "en", "value": "This issue is fixed in Cortex XSOAR 6.6.0 build 6.6.0.2585049 and all later Cortex XSOAR versions."}], "source": {"discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2022-05-11T00:00:00", "value": "Initial publication"}], "title": "Cortex XSOAR: Incorrect Authorization Vulnerability When Generating Reports", "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2022-05-11T16:00:00.000Z", "ID": "CVE-2022-0027", "STATE": "PUBLIC", "TITLE": "Cortex XSOAR: Incorrect Authorization Vulnerability When Generating Reports"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cortex XSOAR", "version": {"version_data": [{"version_affected": "<", "version_name": "6.6", "version_value": "6.6.0.2585049"}, {"version_affected": "=", "version_name": "6.1", "version_value": "6.1.*"}, {"version_affected": "=", "version_name": "6.2", "version_value": "6.2.*"}, {"version_affected": "=", "version_name": "6.5", "version_value": "6.5.*"}, {"version_affected": "!>=", "version_name": "6.6", "version_value": "6.6.0.2585049"}]}}]}, "vendor_name": "Palo Alto Networks"}]}}, "credit": [{"lang": "eng", "value": "Palo Alto Networks thanks Nelson M. of Black Lantern Security for discovering and reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049."}]}, "exploit": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-285 Improper Authorization"}]}]}, "references": {"reference_data": [{"name": "https://security.paloaltonetworks.com/CVE-2022-0027", "refsource": "MISC", "url": "https://security.paloaltonetworks.com/CVE-2022-0027"}]}, "solution": [{"lang": "en", "value": "This issue is fixed in Cortex XSOAR 6.6.0 build 6.6.0.2585049 and all later Cortex XSOAR versions."}], "source": {"discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2022-05-11T00:00:00", "value": "Initial publication"}], "work_around": [{"lang": "en", "value": "There are no known workarounds for this issue."}], "x_advisoryEoL": false, "x_affectedList": ["Cortex XSOAR 6.6", "Cortex XSOAR 6.5", "Cortex XSOAR 6.2", "Cortex XSOAR 6.1"]}}}, "cveMetadata": {"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2022-0027", "datePublished": "2022-05-11T00:00:00", "dateReserved": "2021-12-28T00:00:00", "dateUpdated": "2022-05-11T16:30:27", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:*:*:*:*:*:*:*:*", "matchCriteriaId": "D35F9793-4C2B-470E-AB12-FB4311468CFB", "versionEndExcluding": "6.6.0.2585049", "versionStartIncluding": "6.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "FA3AD87F-BF18-48A2-8344-197185D974B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "9E7FE2E0-AA0B-4D86-B5B3-4E1417691CC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.5.0:-:*:*:*:*:*:*", "matchCriteriaId": "C52254D2-F8CC-4700-8FDC-F412FD23E5DE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049."}, {"lang": "es", "value": "Una vulnerabilidad de autorizaci\u00f3n inapropiada en el software Cortex XSOAR de Palo Alto Network permite a usuarios autenticados en grupos de s\u00f3lo lectura generar un informe de correo electr\u00f3nico que contiene informaci\u00f3n resumida sobre todos los incidentes en la instancia de Cortex XSOAR, incluidos los incidentes a los que el usuario no presenta acceso. Este problema afecta: Todas las versiones de Cortex XSOAR 6.1; Todas las versiones de Cortex XSOAR 6.2; Todas las versiones de Cortex XSOAR 6.5; Versiones de Cortex XSOAR 6.6 anteriores a Cortex XSOAR 6.6.0 build 6.6.0.2585049"}], "id": "CVE-2022-0027", "lastModified": "2023-06-26T17:59:39.267", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2022-05-11T17:15:09.343", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2022-0027"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-285"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}