exploitDog

CVE-2021-3049

Published: 08 Sep 2021
Source: nvd
CVSS3: 2.6
CVSS3: 4.3
CVSS2: 4
EPSS: Low

Description

An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of. This issue impacts: All Cortex XSOAR 5.5.0 builds; Cortex XSOAR 6.1.0 builds earlier than 12099345. This issue does not impact Cortex XSOAR 6.2.0 versions.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:70066:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:73387:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:75211:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:78518:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:94592:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1016923:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1031903:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1077664:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:848144:*:*:*:*:*:*

EPSS

Percentile: 30%
0.00113
Low

CVSS3: 2.6 Low
CVSS3: 4.3 Medium
CVSS2: 4 Medium

Weaknesses

CWE-285
NVD-CWE-Other

Related vulnerabilities

CVSS3: 4.3
github
more than 3 years ago

An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of. This issue impacts: All Cortex XSOAR 5.5.0 builds; Cortex XSOAR 6.1.0 builds earlier than 12099345. This issue does not impact Cortex XSOAR 6.2.0 versions.
