Google Cloud Secops Soar
Approved changes feed: RSS · Atom
cpe:2.3:a:google_cloud:google_cloud_secops_soar:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Google Cloud (34bf7c79-23c3-583b-8203-6d0252c54ec0) |
|---|---|
| Product | Google Cloud Secops Soar (cddef554-9409-5e80-a347-6f96706e300c) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-13428 |
vulnerable | 2026-06-03 14:58:46.052236 |
RCE in SecOps SOAR server via user-provided Python packages
A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution (RCE) in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containing a malicious setup.py file, which would execute on the server during the installation process, leading to potential server compromise.
No customer action is required.
All customers have been automatically upgraded to the fixed version: 6.3.64 or higher.
Published: 2025-12-09T06:28:08.928Z
Updated: 2025-12-09T14:57:43.611Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.