CVE-2024-9470

Summary

A vulnerability in Cortex XSOAR allows the disclosure of incident data to users who do not have the privilege to view the data.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksCortex XSOAR8.0.0unaffected
Palo Alto NetworksCortex XSOAR6.13.0unaffected
Palo Alto NetworksCortex XSOAR6.12.0 < 6.12.0 (Build 1271551)affected

Weaknesses

  • CWE-497: CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References