RSS   Vulnerabilities for 'Cortex xsoar'   RSS

2022-02-10
 
CVE-2022-0020

CWE-79
 

 
A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. This issue impacts: All builds of Cortex XSOAR 6.1.0; Cortex XSOAR 6.2.0 builds earlier than build 1958888.

 
2021-06-22
 
CVE-2021-3044

CWE-863
 

 
An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances.

 

 >>> Vendor: Paloaltonetworks 15 Products
Globalprotect
Netconnect
Pan-os
Expedition
Expedition migration tool
Demisto
Traps
Minemeld
Twistlock
Vm-series
Cortex xdr agent
Prisma cloud
Bridgecrew checkov
Cortex xsoar
Prisma access


Copyright 2022, cxsecurity.com

 

Back to Top