CVE-2021-3034
published 2021-03-10CVE-2021-3034: An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO)…
PriorityP423medium5.1CVSS 3.1
AVLACLPRHUINSUCHILAN
EPSS
0.17%
6.4th percentile
An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | cortex_xsoar | >= 5.5.0 < 98622 | 98622 |
| palo_alto_networks | cortex_xsoar | >= 6.0.1 < 830029 | 830029 |
| palo_alto_networks | cortex_xsoar | >= 6.0.2 < 98623 | 98623 |
| palo_alto_networks | cortex_xsoar | >= 6.1.0 < 848144 | 848144 |
| paloalto | cortex_xsoar | — | — |
| paloaltonetworks | cortex_xsoar | — | — |
| paloaltonetworks | cortex_xsoar | — | — |
| paloaltonetworks | cortex_xsoar | — | — |
| paloaltonetworks | cortex_xsoar | — | — |
CVSS provenance
nvdv3.15.1MEDIUMCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
nvdv2.03.6LOWAV:L/AC:L/Au:N/C:P/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-x58x-95ff-fvvp: An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO)
ghsa_unreviewed·2022-05-24
CVE-2021-3034 [MEDIUM] CWE-532 GHSA-x58x-95ff-fvvp: An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO)
An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the ‘/var/log/demisto/’ server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144.
Palo Alto
Cortex XSOAR: Secrets for SAML single sign-on (SSO) integration may be logged in system logs
vendor_paloalto·2021-03-10·CVSS 5.1
CVE-2021-3034 [MEDIUM] CWE-532 Cortex XSOAR: Secrets for SAML single sign-on (SSO) integration may be logged in system logs
Cortex XSOAR: Secrets for SAML single sign-on (SSO) integration may be logged in system logs
An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup.
This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration.
Affected products: Cortex XSOAR
Solution: This issue is fixed in Cortex XSOAR 5.5.0 build 98622, Cortex XSOAR 6.0.2 build 98623, Cortex XSOAR 6.1.0 build 848144, and all later Cortex XSOAR versions.
All versions of Cortex XSOAR 6.0.1 should be upgraded to the latest version of Cortex XSOAR 6.0.2.
After you upgrade
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-03-10
Published