CVE-2023-0003

Summary

A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksCortex XSOAR8.1 Allunaffected
Palo Alto NetworksCortex XSOAR6.10.0.0 < 6.10.0.185964affected
Palo Alto NetworksCortex XSOAR6.9 < 6.9.B185415affected
Palo Alto NetworksCortex XSOAR6.8 < 6.8.B185719affected
Palo Alto NetworksCortex XSOAR6.6 < 6.6.B186115affected

Weaknesses

  • CWE-73: CWE-73 External Control of File Name or Path

Workarounds

There are no known workarounds for this issue.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References