CVE-2023-0003

A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.

CVSS v3.0 6.5 MEDIUM

6.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2023-0003	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.8.0:3261002::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:2585049::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:2889656::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:3049220::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:3124193::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.8.0:176620::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar::::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.9.0:177754::::::
	cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.9.0:130766::::::

Information

Published : 2023-02-08 10:15

Updated : 2023-02-18 12:45

NVD link : CVE-2023-0003

Mitre link : CVE-2023-0003

JSON object : View

CWE

CWE-610

Externally Controlled Reference to a Resource in Another Sphere

Products Affected

paloaltonetworks

cortex_xsoar

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://security.paloaltonetworks.com/CVE-2023-0003", "name": "https://security.paloaltonetworks.com/CVE-2023-0003", "tags": ["Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-610"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-0003", "ASSIGNER": "psirt@paloaltonetworks.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}}, "publishedDate": "2023-02-08T18:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.8.0:3261002:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:2585049:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:2889656:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:3049220:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.6.0:3124193:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.8.0:176620:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.10.0.185964", "versionStartIncluding": "6.10.0"}, {"cpe23Uri": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.9.0:177754:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.9.0:130766:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-18T20:45Z"}

6.5 /10