CVE-2021-3049: 
Cortex XSOAR vulnerability analysis and mitigation

An improper authorization vulnerability (CVE-2021-3049) was discovered in the Palo Alto Networks Cortex XSOAR server, disclosed on September 8, 2021. The vulnerability enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations they are aware of but are not authorized to access. This issue affects all Cortex XSOAR 5.5.0 builds and Cortex XSOAR 6.1.0 builds earlier than 12099345, while Cortex XSOAR 6.2.0 versions are not impacted (Palo Advisory).

The vulnerability is classified as an improper authorization issue (CWE-285). It received varying CVSS scores, with NVD assigning a base score of 4.3 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, while Palo Alto Networks assessed it at 2.6 (LOW) with vector CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N. The vulnerability requires network access and low privileges to exploit (NVD).

The vulnerability allows unauthorized access to investigation files, potentially leading to information disclosure. The confidentiality impact is rated as Low, while there are no direct impacts on integrity or availability of the system (Palo Advisory).

The vulnerability has been fixed in Cortex XSOAR 6.1.0 build 12099345 and all later versions. There are no known workarounds for this issue, and no Cortex XSOAR 5.5.0 updates are available to address this vulnerability (Palo Advisory).