CWE
285
Advisory Published
Updated

CVE-2021-3049: Cortex XSOAR: Improper Authorization of Incident Investigations Vulnerability

First published: Wed Sep 08 2021(Updated: )

An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of. This issue impacts: All Cortex XSOAR 5.5.0 builds; Cortex XSOAR 6.1.0 builds earlier than 12099345. This issue does not impact Cortex XSOAR 6.2.0 versions.

Credit: psirt@paloaltonetworks.com

Affected SoftwareAffected VersionHow to fix
Paloaltonetworks Cortex Xsoar=5.5.0
Paloaltonetworks Cortex Xsoar=5.5.0-70066
Paloaltonetworks Cortex Xsoar=5.5.0-73387
Paloaltonetworks Cortex Xsoar=5.5.0-75211
Paloaltonetworks Cortex Xsoar=5.5.0-78518
Paloaltonetworks Cortex Xsoar=5.5.0-94592
Paloaltonetworks Cortex Xsoar=6.1.0
Paloaltonetworks Cortex Xsoar=6.1.0-1016923
Paloaltonetworks Cortex Xsoar=6.1.0-1031903
Paloaltonetworks Cortex Xsoar=6.1.0-1077664
Paloaltonetworks Cortex Xsoar=6.1.0-848144

Remedy

This issue is fixed in Cortex XSOAR 6.1.0 build 12099345 and all later Cortex XSOAR versions. There are currently no Cortex XSOAR 5.5.0 updates available for this issue.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2021-3049?

    CVE-2021-3049 is an improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server.

  • How does CVE-2021-3049 impact Palo Alto Networks Cortex XSOAR?

    CVE-2021-3049 enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of.

  • What is the severity of CVE-2021-3049?

    The severity of CVE-2021-3049 is medium with a CVSS score of 4.3.

  • Which versions of Palo Alto Networks Cortex XSOAR are affected by CVE-2021-3049?

    CVE-2021-3049 impacts all versions of Palo Alto Networks Cortex XSOAR 5.5.0, 6.1.0, and their respective subversions.

  • How can I fix CVE-2021-3049?

    To fix CVE-2021-3049, update your Palo Alto Networks Cortex XSOAR server to a patched version.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203