Palo Alto Networks Cortex XDR Agent could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper ownership management. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary program with elevated privileges.
Palo Alto Networks Cortex XSOAR could allow a remote authenticated attacker to obtain sensitive information, caused by improper authorization validation. By generating an email report, an attacker could exploit this vulnerability to obtain summary information about all incidents in the Cortex XSOAR instance, and use this information to launch further attacks against the affected system.
Refer to Palo Alto Networks Security Advisories for patch, upgrade or suggested workaround information.