{"containers": {"cna": {"affected": [{"product": "Cortex XSOAR", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "1578677", "status": "unaffected"}], "lessThan": "1578677", "status": "affected", "version": "5.5.0", "versionType": "custom"}, {"changes": [{"at": "1576452", "status": "unaffected"}], "lessThan": "1576452", "status": "affected", "version": "6.0.2", "versionType": "custom"}, {"changes": [{"at": "1578663", "status": "unaffected"}], "lessThan": "1578663", "status": "affected", "version": "6.1.0", "versionType": "custom"}, {"changes": [{"at": "1578666", "status": "unaffected"}], "lessThan": "1578666", "status": "affected", "version": "6.2.0", "versionType": "custom"}]}], "configurations": [{"lang": "en", "value": "This issue is applicable only to Cortex XSOAR configurations with SAML authentication integration enabled.\n\nYou can determine if your configuration has SAML authentication integration enabled by selecting 'Settings > Servers & Services' and searching for 'SAML'."}], "credits": [{"lang": "en", "value": "This issue was found by a customer of Palo Alto Networks during a security review."}], "datePublic": "2021-09-08T00:00:00", "descriptions": [{"lang": "en", "value": "An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds earlier than 1578666. All Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances."}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-347", "description": "CWE-347 Improper Verification of Cryptographic Signature", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-08T17:10:16", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.paloaltonetworks.com/CVE-2021-3051"}], "solutions": [{"lang": "en", "value": "This issue is fixed in Cortex XSOAR 5.5.0 build 1578677, Cortex XSOAR 6.0.2 build 1576452, Cortex XSOAR 6.1.0 build 1578663, Cortex XSOAR 6.2.0 build 1578666, and all later Cortex XSOAR versions."}], "source": {"discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2021-09-08T00:00:00", "value": "Initial publication"}], "title": "Cortex XSOAR: Authentication Bypass in SAML Authentication", "workarounds": [{"lang": "en", "value": "To completely prevent this issue from being exploited before you can upgrade your Cortex XSOAR server, disable SAML authentication integration.\n\nYou can also restrict network access to the Cortex XSOAR server to allow only trusted users to further reduce the impact of this issue."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2021-09-08T16:00:00.000Z", "ID": "CVE-2021-3051", "STATE": "PUBLIC", "TITLE": "Cortex XSOAR: Authentication Bypass in SAML Authentication"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cortex XSOAR", "version": {"version_data": [{"version_affected": "<", "version_name": "5.5.0", "version_value": "1578677"}, {"version_affected": "<", "version_name": "6.0.2", "version_value": "1576452"}, {"version_affected": "<", "version_name": "6.1.0", "version_value": "1578663"}, {"version_affected": "<", "version_name": "6.2.0", "version_value": "1578666"}, {"version_affected": "!>=", "version_name": "5.5.0", "version_value": "1578677"}, {"version_affected": "!>=", "version_name": "6.0.2", "version_value": "1576452"}, {"version_affected": "!>=", "version_name": "6.1.0", "version_value": "1578663"}, {"version_affected": "!>=", "version_name": "6.2.0", "version_value": "1578666"}]}}]}, "vendor_name": "Palo Alto Networks"}]}}, "configuration": [{"lang": "en", "value": "This issue is applicable only to Cortex XSOAR configurations with SAML authentication integration enabled.\n\nYou can determine if your configuration has SAML authentication integration enabled by selecting 'Settings > Servers & Services' and searching for 'SAML'."}], "credit": [{"lang": "eng", "value": "This issue was found by a customer of Palo Alto Networks during a security review."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds earlier than 1578666. All Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances."}]}, "exploit": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-347 Improper Verification of Cryptographic Signature"}]}]}, "references": {"reference_data": [{"name": "https://security.paloaltonetworks.com/CVE-2021-3051", "refsource": "MISC", "url": "https://security.paloaltonetworks.com/CVE-2021-3051"}]}, "solution": [{"lang": "en", "value": "This issue is fixed in Cortex XSOAR 5.5.0 build 1578677, Cortex XSOAR 6.0.2 build 1576452, Cortex XSOAR 6.1.0 build 1578663, Cortex XSOAR 6.2.0 build 1578666, and all later Cortex XSOAR versions."}], "source": {"discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2021-09-08T00:00:00", "value": "Initial publication"}], "work_around": [{"lang": "en", "value": "To completely prevent this issue from being exploited before you can upgrade your Cortex XSOAR server, disable SAML authentication integration.\n\nYou can also restrict network access to the Cortex XSOAR server to allow only trusted users to further reduce the impact of this issue."}], "x_affectedList": ["Cortex XSOAR 6.2.0", "Cortex XSOAR 6.1.0", "Cortex XSOAR 6.0.2", "Cortex XSOAR 5.5.0"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:45:51.050Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.paloaltonetworks.com/CVE-2021-3051"}]}]}, "cveMetadata": {"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2021-3051", "datePublished": "2021-09-08T17:10:16.586949Z", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2024-09-17T01:10:46.128Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:-:*:*:*:*:*:*", "matchCriteriaId": "0513C590-B393-45B9-BD95-14F09A33A6FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:70066:*:*:*:*:*:*", "matchCriteriaId": "CCC73F19-BAEC-464E-813E-AABFB0FF1749", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:73387:*:*:*:*:*:*", "matchCriteriaId": "829FDD7F-9F92-4425-BA03-7A916C672A1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:75211:*:*:*:*:*:*", "matchCriteriaId": "01F6E4B3-7264-4B6B-A2E0-EC0C6E454FE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:78518:*:*:*:*:*:*", "matchCriteriaId": "BFF634F2-427F-46AF-A203-3F8F91AEB039", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:5.5.0:94592:*:*:*:*:*:*", "matchCriteriaId": "C1B47446-7E43-44ED-A734-4C300ED6F6CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.0.2:-:*:*:*:*:*:*", "matchCriteriaId": "AE6362C1-9B7D-415F-A6E7-22EB6D9485E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.0.2:90947:*:*:*:*:*:*", "matchCriteriaId": "5617A797-C295-4534-A8BD-DB7637FEDDA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.0.2:93351:*:*:*:*:*:*", "matchCriteriaId": "924A87A5-6809-4D3A-B660-4F3D3E930103", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.0.2:94597:*:*:*:*:*:*", "matchCriteriaId": "B046FAAA-2FC4-4F69-980B-878BA24D1ACE", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.0.2:97682:*:*:*:*:*:*", "matchCriteriaId": "231DF541-0D13-42DD-9392-A269999DA50C", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "FA3AD87F-BF18-48A2-8344-197185D974B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1016923:*:*:*:*:*:*", "matchCriteriaId": "F3462449-36BD-4FB6-BB40-B06F0EDE570A", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1031903:*:*:*:*:*:*", "matchCriteriaId": "5ED03A42-9D5F-4347-BA8D-DA1B5D5C771A", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1077664:*:*:*:*:*:*", "matchCriteriaId": "41C31238-7B7A-4057-867B-B3A35690A77A", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1209934:*:*:*:*:*:*", "matchCriteriaId": "AA263B4A-4954-4A7F-B202-D31636B210E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:1271079:*:*:*:*:*:*", "matchCriteriaId": "6E56CB67-2C93-4AD4-87B4-31B337D99B5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.1.0:848144:*:*:*:*:*:*", "matchCriteriaId": "6CE8BB23-1EEA-41EF-BEC5-EAC5DE7F095F", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "9E7FE2E0-AA0B-4D86-B5B3-4E1417691CC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:1271082:*:*:*:*:*:*", "matchCriteriaId": "41AE1B48-EB15-4249-97B0-FF8BDF6A783A", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:1321594:*:*:*:*:*:*", "matchCriteriaId": "AAC380C5-0CD4-4FEF-BF40-A06BFF5BA084", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xsoar:6.2.0:1473927:*:*:*:*:*:*", "matchCriteriaId": "AC26F0D1-53C8-40A5-AE07-7064D45E08DD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds earlier than 1578666. All Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de verificaci\u00f3n inapropiada de la firma criptogr\u00e1fica en la autenticaci\u00f3n SAML de Cortex XSOAR que permite a un atacante no autenticado basado en la red con conocimiento espec\u00edfico de la instancia de Cortex XSOAR acceder a recursos protegidos y llevar a cabo acciones no autorizadas en el servidor de Cortex XSOAR. Este problema afecta: Cortex XSOAR 5.5.0 builds anteriores a 1578677; Cortex XSOAR 6.0.2 builds anteriores a 1576452; Cortex XSOAR 6.1.0 builds anteriores a 1578663; Cortex XSOAR 6.2.0 builds anteriores a 1578666. Todas las instancias de Cortex XSOAR alojadas por Palo Alto Networks est\u00e1n protegidas contra esta vulnerabilidad; no es requerida ninguna acci\u00f3n adicional para estas instancias"}], "id": "CVE-2021-3051", "lastModified": "2021-09-17T14:47:49.120", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2021-09-08T17:15:11.777", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2021-3051"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-347"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}

{}