5.1
CVE-2021-3034
- EPSS 0.03%
- Published 10.03.2021 18:15:13
- Last modified 21.11.2024 06:20:48
- Source psirt@paloaltonetworks.com
An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144.
Data provided by the National Vulnerability Database (NVD)
Paloaltonetworks ≫ Cortex Xsoar Version 5.5.0
Paloaltonetworks ≫ Cortex Xsoar Version 5.5.0 Update 70066
Paloaltonetworks ≫ Cortex Xsoar Version 5.5.0 Update 73387
Paloaltonetworks ≫ Cortex Xsoar Version 5.5.0 Update 75211
Paloaltonetworks ≫ Cortex Xsoar Version 5.5.0 Update 78518
Paloaltonetworks ≫ Cortex Xsoar Version 5.5.0 Update 94592
Paloaltonetworks ≫ Cortex Xsoar Version 6.0.1
Paloaltonetworks ≫ Cortex Xsoar Version 6.0.1 Update 81077
Paloaltonetworks ≫ Cortex Xsoar Version 6.0.2
Paloaltonetworks ≫ Cortex Xsoar Version 6.0.2 Update 90947
Paloaltonetworks ≫ Cortex Xsoar Version 6.0.2 Update 93351
Paloaltonetworks ≫ Cortex Xsoar Version 6.0.2 Update 94597
Paloaltonetworks ≫ Cortex Xsoar Version 6.0.2 Update 97682
Paloaltonetworks ≫ Cortex Xsoar Version 6.1.0
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.062 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.6 | 3.9 | 4.9 | AV:L/AC:L/Au:N/C:P/I:P/A:N |
| psirt@paloaltonetworks.com | 5.1 | 0.8 | 4.2 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N |
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.