CVE-2021-3051

Name of the Vulnerable Software and Affected Versions Cortex XSOAR versions 5.5.0 builds earlier than 1578677 Cortex XSOAR versions 6.0.2 builds earlier than 1576452 Cortex XSOAR versions 6.1.0 builds earlier than 1578663 Cortex XSOAR versions 6.2.0 builds earlier than 1578666

Description An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication, enabling an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server.

Recommendations For Cortex XSOAR versions 5.5.0 builds earlier than 1578677, update to a build 1578677 or later. For Cortex XSOAR versions 6.0.2 builds earlier than 1576452, update to a build 1576452 or later. For Cortex XSOAR versions 6.1.0 builds earlier than 1578663, update to a build 1578663 or later. For Cortex XSOAR versions 6.2.0 builds earlier than 1578666, update to a build 1578666 or later. As a temporary workaround, consider restricting access to SAML authentication until a patch is available.