CVE-2021-3051
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds earlier than 1578666. All Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances.
EPSS 0.14% · 34.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Palo Alto Networks | Cortex XSOAR | 5.5.0, 6.0.2, 6.1.0 |
| paloaltonetworks | cortex_xsoar | 5.5.0, 5.5.0, 6.0.2 |
Timeline
- Sep 8, 2021 CVE Published
- Sep 9, 2021 EPSS Score
- Nov 6, 2021 EPSS Score
- Jan 2, 2022 EPSS Score
- Jan 6, 2022 EPSS Score
- Mar 1, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 27, 2022 EPSS Score
- Jun 24, 2022 EPSS Score
- Aug 22, 2022 EPSS Score
- Oct 18, 2022 EPSS Score
- Dec 15, 2022 EPSS Score
References
- https://security.paloaltonetworks.com/CVE-2020-10188 advisory
- https://security.paloaltonetworks.com/CVE-2021-3053 advisory
- https://security.paloaltonetworks.com/CVE-2021-3049 advisory
- https://security.paloaltonetworks.com/CVE-2021-3055 advisory
- https://security.paloaltonetworks.com/CVE-2021-3054 advisory
- https://security.paloaltonetworks.com/CVE-2021-3051 advisory
- https://security.paloaltonetworks.com/CVE-2021-3052 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-3051 advisory