CVE-2024-9470

Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497)

Published: Oct 9, 2024 / Updated: 41d ago

CVSS 5.3 / EPSS 0.04% / Medium

A vulnerability in Cortex XSOAR allows the disclosure of incident data to users who do not have the privilege to view the data.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Amber

Timeline

CVE Assignment

NVD published the first details for CVE-2024-9470

Oct 9, 2024 at 5:15 PM

CVSS

A CVSS base score of 5.3 has been assigned.

Oct 9, 2024 at 5:20 PM / nvd

First Article

Feedly found the first article mentioning CVE-2024-9470.

Oct 9, 2024 at 5:24 PM / National Vulnerability Database

CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 9, 2024 at 5:24 PM

EPSS

EPSS Score was set to: 0.04% (Percentile: 9.7%)

Oct 10, 2024 at 9:41 AM

Affected Systems

Paloaltonetworks/cortex_xsoar

Attack Patterns

CAPEC-170: Web Application Fingerprinting

News

Prisma Cloud Compute Cortex XDR Agent 8.6
Update Sun Oct 27 14:34:00 UTC 2024
Daily Summary - 10.10.2024
Project: Gutenberg Date: 2024-October-09 Security risk: Moderately critical 12 - 25 AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:Default Vulnerability: Cross Site Request Forgery Affected versions: =3.0.0 Description: This module provides a new UI experience for node editing using the Gutenberg Editor library. The module did not sufficiently protect some routes against a Cross Site Request Forgery attack. This vulnerability is mitigated by the fact that the tricked user needs to have an
Project: Facets Date: 2024-October-09 Security risk: Critical 15 - 25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Default Vulnerability: Cross Site Scripting Affected versions: Description: This module enables you to easily create and manage faceted search interfaces. The module doesn't sufficiently filter for malicious script leading to a reflected cross site scripting (XSS) vulnerability. Solution: Install the latest version: If you use the Facets module, upgrade to Facets
Information disclosure in Cortex XSOAR
The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality. A remote user can bypass implemented security restrictions and gain unauthorized access to incident data they are not supposed to access.
NA - CVE-2024-9470 - A vulnerability in Cortex XSOAR allows the...
A vulnerability in Cortex XSOAR allows the disclosure of incident data to users who do not have the privilege to view the data.

CVSS V3.1

Unknown
