CVE-2024-9470 MEDIUM

CVE-2024-9470: Cortex XSOAR: Information Disclosure Vulnerability

Vendor Palo Alto Networks
Product Cortex XSOAR
Weakness CWE-497
Published October 9, 2024
Last update October 18, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/R:A/V:D/RE:M/U:Amber

What the vulnerability does

01Description

A vulnerability in Cortex XSOAR allows the disclosure of incident data to users who do not have the privilege to view the data.

Key dates

02Disclosure timeline

October 9, 2024 CVE published
October 18, 2024 Record updated