CVE-2022-0020
Published Feb 10, 2022
Last updated 2 years ago
Overview
- Description
- A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. This issue impacts: All builds of Cortex XSOAR 6.1.0; Cortex XSOAR 6.2.0 builds earlier than build 1958888.
- Source
- psirt@paloaltonetworks.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 3.5
- Impact score
- 2.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:N/I:P/A:N
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA3AD87F-BF18-48A2-8344-197185D974B0"
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1016923:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F3462449-36BD-4FB6-BB40-B06F0EDE570A"
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1031903:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5ED03A42-9D5F-4347-BA8D-DA1B5D5C771A"
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1077664:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "41C31238-7B7A-4057-867B-B3A35690A77A"
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1209934:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA263B4A-4954-4A7F-B202-D31636B210E0"
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1271079:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6E56CB67-2C93-4AD4-87B4-31B337D99B5F"
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:848144:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6CE8BB23-1EEA-41EF-BEC5-EAC5DE7F095F"
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9E7FE2E0-AA0B-4D86-B5B3-4E1417691CC5"
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:1271082:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "41AE1B48-EB15-4249-97B0-FF8BDF6A783A"
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:1321594:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AAC380C5-0CD4-4FEF-BF40-A06BFF5BA084"
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:1473927:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AC26F0D1-53C8-40A5-AE07-7064D45E08DD"
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:1578666:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F77199FC-169A-4752-A45A-73C664A98457"
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:1822745:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1A82DA38-977E-4B75-BF76-825254B1CD2C"
}
],
"operator": "OR"
}
]
}
]