CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-3282 – Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine
https://notcve.org/view.php?id=CVE-2023-3282
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine. Una vulnerabilidad de escalada de privilegios local (PE) en el software del motor Cortex XSOAR de Palo Alto Networks que se ejecuta en un sistema operativo Linux permite a un atacante local ejecutar programas con privilegios elevados si el atacante tiene acceso de shell al motor. • https://security.paloaltonetworks.com/CVE-2023-3282 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.1EPSS: 0%CPEs: 22EXPL: 0CVE-2021-3051 – Cortex XSOAR: Authentication Bypass in SAML Authentication
https://notcve.org/view.php?id=CVE-2021-3051
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds earlier than 1578666. All Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances. Se presenta una vulnerabilidad de verificación inapropiada de la firma criptográfica en la autenticación SAML de Cortex XSOAR que permite a un atacante no autenticado basado en la red con conocimiento específico de la instancia de Cortex XSOAR acceder a recursos protegidos y llevar a cabo acciones no autorizadas en el servidor de Cortex XSOAR. Este problema afecta: Cortex XSOAR 5.5.0 builds anteriores a 1578677; Cortex XSOAR 6.0.2 builds anteriores a 1576452; Cortex XSOAR 6.1.0 builds anteriores a 1578663; Cortex XSOAR 6.2.0 builds anteriores a 1578666. • https://security.paloaltonetworks.com/CVE-2021-3051 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2021-3049 – Cortex XSOAR: Improper Authorization of Incident Investigations Vulnerability
https://notcve.org/view.php?id=CVE-2021-3049
An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of. This issue impacts: All Cortex XSOAR 5.5.0 builds; Cortex XSOAR 6.1.0 builds earlier than 12099345. This issue does not impact Cortex XSOAR 6.2.0 versions. Una vulnerabilidad de autorización inapropiada en el servidor Cortex XSOAR de Palo Alto Networks permite a un atacante autenticado basado en la red con permisos de lectura de investigación descargar archivos de investigaciones de incidentes de los que presenta conocimiento pero no forma parte. Este problema afecta: Todas las builds de Cortex XSOAR 5.5.0; las builds de Cortex XSOAR 6.1.0 anteriores a 12099345. • https://security.paloaltonetworks.com/CVE-2021-3049 • CWE-285: Improper Authorization •
CVSS: 5.1EPSS: 0%CPEs: 14EXPL: 0CVE-2021-3034 – Cortex XSOAR: Secrets for SAML single sign-on (SSO) integration may be logged in system logs
https://notcve.org/view.php?id=CVE-2021-3034
An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144. Se presenta una exposición de la información por medio de la vulnerabilidad del archivo de registro en el software Cortex XSOAR donde los secretos configurados para la integración de inicio de sesión único (SSO) SAML pueden ser registrados en los registros del servidor "/var/log/demisto/" al probar la integración durante la instalación. Esta información registrada incluye la clave privada y el certificado del proveedor de identidad utilizado para configurar la integración SAML SSO. • https://security.paloaltonetworks.com/CVE-2021-3034 • CWE-532: Insertion of Sensitive Information into Log File •