CVE-2022-0020: Cortex XSOAR: Stored Cross-Site Scripting (XSS) Vulnerability in Web Interface
First published: Thu Feb 10 2022(Updated: )
A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. This issue impacts: All builds of Cortex XSOAR 6.1.0; Cortex XSOAR 6.2.0 builds earlier than build 1958888.
Credit: psirt@paloaltonetworks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Paloaltonetworks Cortex Xsoar | =6.1.0 | |
| Paloaltonetworks Cortex Xsoar | =6.1.0-1016923 | |
| Paloaltonetworks Cortex Xsoar | =6.1.0-1031903 | |
| Paloaltonetworks Cortex Xsoar | =6.1.0-1077664 | |
| Paloaltonetworks Cortex Xsoar | =6.1.0-1209934 | |
| Paloaltonetworks Cortex Xsoar | =6.1.0-1271079 | |
| Paloaltonetworks Cortex Xsoar | =6.1.0-848144 | |
| Paloaltonetworks Cortex Xsoar | =6.2.0 | |
| Paloaltonetworks Cortex Xsoar | =6.2.0-1271082 | |
| Paloaltonetworks Cortex Xsoar | =6.2.0-1321594 | |
| Paloaltonetworks Cortex Xsoar | =6.2.0-1473927 | |
| Paloaltonetworks Cortex Xsoar | =6.2.0-1578666 | |
| Paloaltonetworks Cortex Xsoar | =6.2.0-1822745 |
Remedy
This issue is fixed in Cortex XSOAR 6.2.0 build 1958888 and all later Cortex XSOAR versions.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-0020?
CVE-2022-0020 is a stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface.
How does CVE-2022-0020 affect Palo Alto Network Cortex XSOAR?
CVE-2022-0020 allows an authenticated network-based attacker to store a persistent javascript payload in the Cortex XSOAR web interface and perform arbitrary actions on behalf of authenticated administrators.
What is the severity of CVE-2022-0020?
The severity of CVE-2022-0020 is medium with a CVSS score of 5.4.
Which versions of Palo Alto Network Cortex XSOAR are affected by CVE-2022-0020?
Palo Alto Network Cortex XSOAR versions 6.1.0, 6.2.0, and potentially others are affected by CVE-2022-0020.
How can I fix CVE-2022-0020 in Palo Alto Network Cortex XSOAR?
To fix CVE-2022-0020, a patch or update from Palo Alto Networks should be installed to address the vulnerability.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/title
- agent/last-modified-date
- agent/weakness
- agent/remedy
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/paloaltonetworks
- canonical/paloaltonetworks cortex xsoar
- version/paloaltonetworks cortex xsoar/6.1.0
- version/paloaltonetworks cortex xsoar/6.1.0-1016923
- version/paloaltonetworks cortex xsoar/6.1.0-1031903
- version/paloaltonetworks cortex xsoar/6.1.0-1077664
- version/paloaltonetworks cortex xsoar/6.1.0-1209934
- version/paloaltonetworks cortex xsoar/6.1.0-1271079
- version/paloaltonetworks cortex xsoar/6.1.0-848144
- version/paloaltonetworks cortex xsoar/6.2.0
- version/paloaltonetworks cortex xsoar/6.2.0-1271082
- version/paloaltonetworks cortex xsoar/6.2.0-1321594
- version/paloaltonetworks cortex xsoar/6.2.0-1473927
- version/paloaltonetworks cortex xsoar/6.2.0-1578666
- version/paloaltonetworks cortex xsoar/6.2.0-1822745