CVE-2021-3051

EPSS 0.14%
Veröffentlicht 08.09.2021 17:15:11
Zuletzt bearbeitet 21.11.2024 06:20:51
Quelle psirt@paloaltonetworks.com
CVE-Watchlists
Login
Unerledigt
Login

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds earlier than 1578666. All Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Paloaltonetworks ≫ Cortex Xsoar Version5.5.0 Update-

Paloaltonetworks ≫ Cortex Xsoar Version5.5.0 Update70066

Paloaltonetworks ≫ Cortex Xsoar Version5.5.0 Update73387

Paloaltonetworks ≫ Cortex Xsoar Version5.5.0 Update75211

Paloaltonetworks ≫ Cortex Xsoar Version5.5.0 Update78518

Paloaltonetworks ≫ Cortex Xsoar Version5.5.0 Update94592

Paloaltonetworks ≫ Cortex Xsoar Version6.0.2 Update-

Paloaltonetworks ≫ Cortex Xsoar Version6.0.2 Update90947

Paloaltonetworks ≫ Cortex Xsoar Version6.0.2 Update93351

Paloaltonetworks ≫ Cortex Xsoar Version6.0.2 Update94597

Paloaltonetworks ≫ Cortex Xsoar Version6.0.2 Update97682

Paloaltonetworks ≫ Cortex Xsoar Version6.1.0 Update-

Paloaltonetworks ≫ Cortex Xsoar Version6.1.0 Update1016923

Paloaltonetworks ≫ Cortex Xsoar Version6.1.0 Update1031903

Paloaltonetworks ≫ Cortex Xsoar Version6.1.0 Update1077664

Paloaltonetworks ≫ Cortex Xsoar Version6.1.0 Update1209934

Paloaltonetworks ≫ Cortex Xsoar Version6.1.0 Update1271079

Paloaltonetworks ≫ Cortex Xsoar Version6.1.0 Update848144

Paloaltonetworks ≫ Cortex Xsoar Version6.2.0 Update-

Paloaltonetworks ≫ Cortex Xsoar Version6.2.0 Update1271082

Paloaltonetworks ≫ Cortex Xsoar Version6.2.0 Update1321594

Paloaltonetworks ≫ Cortex Xsoar Version6.2.0 Update1473927

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.309

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
psirt@paloaltonetworks.com	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://security.paloaltonetworks.com/CVE-2021-3051

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-3051

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-3051

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-3051

EUVD