CVE-2021-3049

Description:
An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of. This issue impacts: All Cortex XSOAR 5.5.0 builds; Cortex XSOAR 6.1.0 builds earlier than 12099345. This issue does not impact Cortex XSOAR 6.2.0 versions.

CWE: CWE-79

CVSS score
CVSS 2: LOW – 3.5 (Version: 2.0)
CVSS 3: LOW – 2.6 (Version: 3.1)

Links:

NVD – CVE-2021-3049
CVE – CVE-2021-3049

Link (max. 20) Source Tags
N/A CONFIRM Vendor Advisory Vendor Advisory Third Party Advisory Third Party Advisory
DSA-4968 DEBIAN Third Party Advisory Third Party Advisory
https://www.mail-archive.com/haproxy@formilux.org MISC Third Party Advisory Third Party Advisory Third Party Advisory
https://www.mail-archive.com/haproxy@formilux.org/msg41114.html MISC Mitigation Third Party Advisory
https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/ MISC Exploit Mitigation Third Party Advisory
https://github.com/haproxy/haproxy/commit/3b69886f7dcc3cfb3d166309018e6cfec9ce2c95 MISC Patch Third Party Advisory
[cloudstack-dev] 20210910 CVE-2021-40346 (haproxy 2.x) MLIST Mailing List Third Party Advisory
[cloudstack-dev] 20210910 Re: CVE-2021-40346 (haproxy 2.x) MLIST Mailing List Third Party Advisory

Source: NVD – CVE-2021-3049
Publication date: 2021-09-08T17:15Z, Last modified date: 2021-09-08T18:15Z