CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3044 – Cortex XSOAR: Unauthorized Usage of the REST API
https://notcve.org/view.php?id=CVE-2021-3044
An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances. • https://security.paloaltonetworks.com/CVE-2021-3044 • CWE-285: Improper Authorization •
CVSS: 5.1EPSS: 0%CPEs: 14EXPL: 0CVE-2021-3034 – Cortex XSOAR: Secrets for SAML single sign-on (SSO) integration may be logged in system logs
https://notcve.org/view.php?id=CVE-2021-3034
An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144. Se presenta una exposición de la información por medio de la vulnerabilidad del archivo de registro en el software Cortex XSOAR donde los secretos configurados para la integración de inicio de sesión único (SSO) SAML pueden ser registrados en los registros del servidor "/var/log/demisto/" al probar la integración durante la instalación. Esta información registrada incluye la clave privada y el certificado del proveedor de identidad utilizado para configurar la integración SAML SSO. • https://security.paloaltonetworks.com/CVE-2021-3034 • CWE-532: Insertion of Sensitive Information into Log File •