Medium
CVE-2022-0026 CVSS:7.2
Palo Alto Networks Cortex XDR Agent could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper ownership management. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary program with elevated privileges.
CVE-2022-0027 CVSS:4.3
Palo Alto Networks Cortex XSOAR could allow a remote authenticated attacker to obtain sensitive information, caused by improper authorization validation. By generating an email report, an attacker could exploit this vulnerability to obtain summary information about all incidents in the Cortex XSOAR instance, and use this information to launch further attacks against the affected system.
CVE-2022-0026
CVE-2022-0027
Palo Alto
Refer to Palo Alto Networks Security Advisories for patch, upgrade or suggested workaround information.