Description
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds earlier than 1578666. All Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://security.paloaltonetworks.com/CVE-2021-3051
Scores
CVSS v3
8.1
EPSS
0.0014
EPSS Percentile
33.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-347
Status
published
Products (4)
paloaltonetworks/cortex_xsoar
5.5.0 (6 CPE variants)
paloaltonetworks/cortex_xsoar
6.0.2 (5 CPE variants)
paloaltonetworks/cortex_xsoar
6.1.0 (7 CPE variants)
paloaltonetworks/cortex_xsoar
6.2.0 (4 CPE variants)
Published
Sep 08, 2021
Tracked Since
Feb 18, 2026