CVE-2021-3051: Improper Verification of Cryptographic Signature in Palo Alto Networks Cortex XSOAR

Severity: 8.1 HIGH (NVD)
EPSS: 0.1% (top 65.60%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Sep 8
Latest update: May 24

Description

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds ea

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages (3 packages)

CVEListV5 | palo_alto_networks/cortex_xsoar | 5.5.0 | 1578677 | +3

🔴 Vulnerability Details (2)

GHSA
GHSA-4qfq-vjf3-59qg: An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-b (2022-05-24)
CVEList
Cortex XSOAR: Authentication Bypass in SAML Authentication (2021-09-08)

📋 Vendor Advisories (1)

Palo Alto
Cortex XSOAR: Authentication Bypass in SAML Authentication (2021-09-08)