CVE-2021-3034

10.03.2021, 18:15

An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.1 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
palo_alto	CNA	5.1 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 23%

Vendor	Product	Version
paloaltonetworks	cortex_xsoar	5.5.0
paloaltonetworks	cortex_xsoar	5.5.0:70066
paloaltonetworks	cortex_xsoar	5.5.0:73387
paloaltonetworks	cortex_xsoar	5.5.0:75211
paloaltonetworks	cortex_xsoar	5.5.0:78518
paloaltonetworks	cortex_xsoar	5.5.0:94592
paloaltonetworks	cortex_xsoar	6.0.1
paloaltonetworks	cortex_xsoar	6.0.1:81077
paloaltonetworks	cortex_xsoar	6.0.2
paloaltonetworks	cortex_xsoar	6.0.2:90947
paloaltonetworks	cortex_xsoar	6.0.2:93351
paloaltonetworks	cortex_xsoar	6.0.2:94597
paloaltonetworks	cortex_xsoar	6.0.2:97682
paloaltonetworks	cortex_xsoar	6.1.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-532 - Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References

https://security.paloaltonetworks.com/CVE-2021-3034