A security advisory published by Palo Alto Networks informs customers about the availability of patches for a critical vulnerability affecting the company’s Cortex XSOAR product.

During an internal security review, Palo Alto Networks discovered that its Cortex XSOAR is affected by an improper authorization issue.

The flaw, tracked as CVE-2021-3044 and rated critical severity with a CVSS score of 9.8, can be exploited by a remote, unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API.

The security hole affects XSOAR versions 6.1.0 and 6.2.0. Patches have been made available for both impacted versions.

Source: securityweek.com