CVE-2021-3051
08.09.2021, 17:15
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds earlier than 1578666. All Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances.Enginsight
| Vendor | Product | Version |
|---|---|---|
| paloaltonetworks | cortex_xsoar | 5.5.0 |
| paloaltonetworks | cortex_xsoar | 5.5.0:70066 |
| paloaltonetworks | cortex_xsoar | 5.5.0:73387 |
| paloaltonetworks | cortex_xsoar | 5.5.0:75211 |
| paloaltonetworks | cortex_xsoar | 5.5.0:78518 |
| paloaltonetworks | cortex_xsoar | 5.5.0:94592 |
| paloaltonetworks | cortex_xsoar | 6.0.2 |
| paloaltonetworks | cortex_xsoar | 6.0.2:90947 |
| paloaltonetworks | cortex_xsoar | 6.0.2:93351 |
| paloaltonetworks | cortex_xsoar | 6.0.2:94597 |
| paloaltonetworks | cortex_xsoar | 6.0.2:97682 |
| paloaltonetworks | cortex_xsoar | 6.1.0 |
| paloaltonetworks | cortex_xsoar | 6.1.0:1016923 |
| paloaltonetworks | cortex_xsoar | 6.1.0:1031903 |
| paloaltonetworks | cortex_xsoar | 6.1.0:1077664 |
| paloaltonetworks | cortex_xsoar | 6.1.0:1209934 |
| paloaltonetworks | cortex_xsoar | 6.1.0:1271079 |
| paloaltonetworks | cortex_xsoar | 6.1.0:848144 |
| paloaltonetworks | cortex_xsoar | 6.2.0 |
| paloaltonetworks | cortex_xsoar | 6.2.0:1271082 |
| paloaltonetworks | cortex_xsoar | 6.2.0:1321594 |
| paloaltonetworks | cortex_xsoar | 6.2.0:1473927 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration