CPE Details
Palo Alto Networks Cortex XSOAR 6.2.0 1822745
6.2.0
2022-02-15
13h47 +00:00
13h47 +00:00
2022-02-15
14h40 +00:00
14h40 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:1822745:*:*:*:*:*:*
Informations
Vendor
paloaltonetworksProduct
cortex_xsoarVersion
6.2.0Update
1822745Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine. | 6.7 |
Medium |
||
| A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. This issue impacts: All builds of Cortex XSOAR 6.1.0; Cortex XSOAR 6.2.0 builds earlier than build 1958888. | 6.8 |
Medium |
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.