CVE-2022-0020: CVE-2022-0020 Cortex XSOAR: Stored Cross-Site Scripting (XSS) Vulnerability in Web Interface

• Get support
• Security advisories
• Report vulnerabilities
• Subscribe
• RSS feed

Palo Alto Networks Security Advisories / CVE-2022-0020

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Scope UNCHANGED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

NVD JSON

Published 2022-02-09

Updated 2022-02-09

Reference PDV-2194

Discovered externally

Description

A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations.

This issue impacts:

All builds of Cortex XSOAR 6.1.0;

Cortex XSOAR 6.2.0 builds earlier than build 1958888.

Product Status

Versions

Affected

Unaffected

Cortex XSOAR 6.5.0

None

all

Cortex XSOAR 6.2.0

< 1958888

>= 1958888

Cortex XSOAR 6.1.0

all

Severity: MEDIUM

CVSSv3.1 Base Score: 6.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-79 Cross-site Scripting (XSS)

Solution

This issue is fixed in Cortex XSOAR 6.2.0 build 1958888 and all later Cortex XSOAR versions.

Workarounds and Mitigations

There are no known workarounds for this issue.

Acknowledgments

Palo Alto Networks thanks Ömür Uğur of Türk Telekom for discovering and reporting this issue.

Timeline

2022-02-09 Initial publication

© 2020 Palo Alto Networks, Inc. All rights reserved.