Cortex XSOAR CVE-2024-9470
MEDIUMSeverity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Amber
Primary rating from Vendor (paloaltonetworks) · only source for this CVE.
CVSS VectorVendor: paloaltonetworks
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Amber
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability in Cortex XSOAR allows the disclosure of incident data to users who do not have the privilege to view the data.
AnalysisAI
A vulnerability in Cortex XSOAR allows the disclosure of incident data to users who do not have the privilege to view the data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-497. A vulnerability in Cortex XSOAR allows the disclosure of incident data to users who do not have the privilege to view the data.
Affected ProductsAI
Cortex XSOAR.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today