
    2 vulnerabilities found for Cortex XSOAR CommvaultSecurityIQ Marketplace by Palo Alto Networks

    CVE-2026-0274 (GCVE-0-2026-0274)

    Vulnerability from nvd – Published: 2026-06-10 21:02 – Updated: 2026-06-12 03:55
    Title
    Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration
    Summary
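    An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources. The record below lists versions from 1.1.0 up to, but not including, 1.2.0 as affected for both the XSOAR and XSIAM Marketplace products, with an upgrade to 1.2.0 or later as the fix and no known workaround. Its cpeApplicability entries give 1.2.0 as both the inclusive start and the exclusive end, which is an empty range, so version matching should rely on the affected entries rather than the CPE data.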
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
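    CWE
    CWE-1390 Weak Authentication
    Assigner
    palo_alto
    References
    https://security.paloaltonetworks.com/CVE-2026-0274 (vendor-advisory)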
    Date Public
    2026-06-10 16:00
    Credits
    our internal security research teams

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0274",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-11T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-12T03:55:32.986Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cortex XSIAM CommvaultSecurityIQ Marketplace",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.2.0",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.2.0",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Cortex XSOAR CommvaultSecurityIQ Marketplace",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.2.0",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.2.0",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required to be affected by this issue."
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:cortex_xsiam_commvaultsecurityiq_marketplace:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.2.0",
                      "versionStartIncluding": "1.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:cortex_xsoar_commvaultsecurityiq_marketplace:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.2.0",
                      "versionStartIncluding": "1.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "our internal security research teams"
            }
          ],
          "datePublic": "2026-06-10T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources."
                }
              ],
              "value": "An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-475",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-475 Signature Spoofing by Improper Validation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1390",
                  "description": "CWE-1390 Weak Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T21:02:26.497Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0274"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\n                                \u003ctd\u003eCortex XSIAM CommvaultSecurityIQ Marketplace 1.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e1.1.0 through 1.1.9\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 1.2.0 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003eCortex XSOAR CommvaultSecurityIQ Marketplace 1.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e1.1.0 through 1.1.9\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 1.2.0 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "VERSION                                            MINOR VERSION         SUGGESTED SOLUTION\nCortex XSIAM CommvaultSecurityIQ Marketplace 1.1   1.1.0 through 1.1.9   Upgrade to 1.2.0 or later.\nCortex XSOAR CommvaultSecurityIQ Marketplace 1.1   1.1.0 through 1.1.9   Upgrade to 1.2.0 or later."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-10T16:00:00.000Z",
              "value": "Initial Publication."
            }
          ],
          "title": "Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No known workarounds exist for this issue."
                }
              ],
              "value": "No known workarounds exist for this issue."
            }
          ],
          "x_affectedList": [
            "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.0",
            "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.1",
            "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.2",
            "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.3",
            "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.4",
            "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.5",
            "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.6",
            "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.7",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.0",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.1",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.2",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.3",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.4",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.5",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.6",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.7",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.8",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.9"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0274",
        "datePublished": "2026-06-10T21:02:26.497Z",
        "dateReserved": "2025-11-03T20:44:33.634Z",
        "dateUpdated": "2026-06-12T03:55:32.986Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0274 (GCVE-0-2026-0274)

    Vulnerability from cvelistv5 – Published: 2026-06-10 21:02 – Updated: 2026-06-12 03:55
    Title
    Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration
    Summary
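    An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources. The record below lists versions from 1.1.0 up to, but not including, 1.2.0 as affected for both the XSOAR and XSIAM Marketplace products, with an upgrade to 1.2.0 or later as the fix and no known workaround. Its cpeApplicability entries give 1.2.0 as both the inclusive start and the exclusive end, which is an empty range, so version matching should rely on the affected entries rather than the CPE data.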
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
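    CWE
    CWE-1390 Weak Authentication
    Assigner
    palo_alto
    References
    https://security.paloaltonetworks.com/CVE-2026-0274 (vendor-advisory)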
    Date Public
    2026-06-10 16:00
    Credits
    our internal security research teams

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0274",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-11T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-12T03:55:32.986Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cortex XSIAM CommvaultSecurityIQ Marketplace",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.2.0",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.2.0",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Cortex XSOAR CommvaultSecurityIQ Marketplace",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.2.0",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.2.0",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No special configuration is required to be affected by this issue."
                }
              ],
              "value": "No special configuration is required to be affected by this issue."
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:cortex_xsiam_commvaultsecurityiq_marketplace:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.2.0",
                      "versionStartIncluding": "1.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:palo_alto_networks:cortex_xsoar_commvaultsecurityiq_marketplace:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.2.0",
                      "versionStartIncluding": "1.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "our internal security research teams"
            }
          ],
          "datePublic": "2026-06-10T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources."
                }
              ],
              "value": "An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
                }
              ],
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-475",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-475 Signature Spoofing by Improper Validation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1390",
                  "description": "CWE-1390 Weak Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T21:02:26.497Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2026-0274"
            }
          ],
          "solutions": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\n                                \u003ctd\u003eCortex XSIAM CommvaultSecurityIQ Marketplace 1.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e1.1.0 through 1.1.9\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 1.2.0 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003ctr\u003e\n                                \u003ctd\u003eCortex XSOAR CommvaultSecurityIQ Marketplace 1.1\u003cbr\u003e\u003c/td\u003e\n                                \u003ctd\u003e1.1.0 through 1.1.9\u003c/td\u003e\n                                \u003ctd\u003eUpgrade to 1.2.0 or later.\u003c/td\u003e\n                            \u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "VERSION                                            MINOR VERSION         SUGGESTED SOLUTION\nCortex XSIAM CommvaultSecurityIQ Marketplace 1.1   1.1.0 through 1.1.9   Upgrade to 1.2.0 or later.\nCortex XSOAR CommvaultSecurityIQ Marketplace 1.1   1.1.0 through 1.1.9   Upgrade to 1.2.0 or later."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-10T16:00:00.000Z",
              "value": "Initial Publication."
            }
          ],
          "title": "Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration",
          "workarounds": [
            {
              "lang": "eng",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "No known workarounds exist for this issue."
                }
              ],
              "value": "No known workarounds exist for this issue."
            }
          ],
          "x_affectedList": [
            "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.0",
            "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.1",
            "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.2",
            "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.3",
            "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.4",
            "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.5",
            "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.6",
            "Cortex XSIAM CommvaultSecurityIQ Marketplace 1.1.7",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.0",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.1",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.2",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.3",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.4",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.5",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.6",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.7",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.8",
            "Cortex XSOAR CommvaultSecurityIQ Marketplace 1.1.9"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2026-0274",
        "datePublished": "2026-06-10T21:02:26.497Z",
        "dateReserved": "2025-11-03T20:44:33.634Z",
        "dateUpdated": "2026-06-12T03:55:32.986Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }