Paloaltonetworks Cortex Xsoar — known CVE vulnerabilities
Every CVE whose affected-product data names Paloaltonetworks Cortex Xsoar, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2021-3044 — CVSS 9.8 (critical): An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to…
CVE-2026-0234 — CVSS 9.1 (critical): An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of…
CVE-2021-3051 — CVSS 8.1 (high): An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an…
CVE-2022-0020 — CVSS 6.8 (medium): A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based…
CVE-2022-0031 — CVSS 6.7 (medium): A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system…
CVE-2023-0003 — CVSS 6.5 (medium): A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web…
CVE-2023-3282 — CVSS 6.4 (medium): A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system…
CVE-2021-3034 — CVSS 5.1 (medium): An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single…
CVE-2022-0027 — CVSS 4.3 (medium): An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to…
CVE-2021-3049 — CVSS 2.6 (low): An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with…