CWE-532

CVE-2021-3034: Cortex XSOAR: Secrets for SAML single sign-on (SSO) integration may be logged in system logs

First published: Wed Mar 10 2021

An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144.

Credit: psirt@paloaltonetworks.com

| Affected Software | Affected Version |
|---|---|
| Paloaltonetworks Cortex Xsoar | =5.5.0 |
| Paloaltonetworks Cortex Xsoar | =5.5.0-70066 |
| Paloaltonetworks Cortex Xsoar | =5.5.0-73387 |
| Paloaltonetworks Cortex Xsoar | =5.5.0-75211 |
| Paloaltonetworks Cortex Xsoar | =5.5.0-78518 |
| Paloaltonetworks Cortex Xsoar | =5.5.0-94592 |
| Paloaltonetworks Cortex Xsoar | =6.0.1 |
| Paloaltonetworks Cortex Xsoar | =6.0.1-81077 |
| Paloaltonetworks Cortex Xsoar | =6.0.2 |
| Paloaltonetworks Cortex Xsoar | =6.0.2-90947 |
| Paloaltonetworks Cortex Xsoar | =6.0.2-93351 |
| Paloaltonetworks Cortex Xsoar | =6.0.2-94597 |
| Paloaltonetworks Cortex Xsoar | =6.0.2-97682 |
| Paloaltonetworks Cortex Xsoar | =6.1.0 |

Remedy

This issue is fixed in Cortex XSOAR 5.5.0 build 98622, Cortex XSOAR 6.0.1 build 830029, Cortex XSOAR 6.0.2 build 98623, Cortex XSOAR 6.1.0 build 848144, and all later Cortex XSOAR versions. After you upgrade the Cortex XSOAR appliance, you must configure a new private key for SAML SSO integration. Clear the server system logs using the instructions provided in the Workarounds and Mitigations section to remove any potentially logged secrets.
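
One way to check whether logs under '/var/log/demisto/' still hold SAML key or certificate material, before and after clearing them, is sketched below as an added example (not code from Palo Alto Networks or from this advisory). It assumes the secrets were logged in PEM form, which the advisory does not state; the sample log lines are constructed, and `scan_logs`, `open_log` and `demo` are hypothetical names.

```python
import gzip
import re
import sys
import tempfile
from pathlib import Path

# Assumption: logged secrets carry PEM headers; the real XSOAR log layout is not given in the advisory.
PEM_MARKER = re.compile(r"-----BEGIN ((?:[A-Z0-9]+ )*(?:PRIVATE KEY|CERTIFICATE))-----")

def open_log(path):
    """Open plain or gzip-rotated logs as text, tolerating undecodable bytes."""
    if path.suffix == ".gz":
        return gzip.open(path, "rt", encoding="utf-8", errors="replace")
    return open(path, "r", encoding="utf-8", errors="replace")

def scan_logs(log_dir):
    """Return (file name, line number, PEM type) per marker; the secret itself is never returned."""
    findings = []
    for path in sorted(Path(log_dir).rglob("*")):
        if not path.is_file():
            continue
        with open_log(path) as fh:
            for lineno, line in enumerate(fh, 1):
                for match in PEM_MARKER.finditer(line):
                    findings.append((path.name, lineno, match.group(1)))
    return findings

def demo():
    """Scan constructed sample logs (not real XSOAR output), including a rotated .gz file."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "server.log").write_text(
            "2021-03-01 10:00:01 info SAML test started\n"
            "2021-03-01 10:00:02 debug params: -----BEGIN RSA PRIVATE KEY----- (constructed)\n"
            "2021-03-01 10:00:03 info SAML test finished\n"
        )
        with gzip.open(Path(tmp, "server.log.1.gz"), "wt") as fh:
            fh.write("2021-02-28 09:00:00 debug idp cert: -----BEGIN CERTIFICATE-----\n")
        return scan_logs(tmp)

if __name__ == "__main__":
    # Pass a log directory (for example /var/log/demisto/) or run the constructed demo.
    results = scan_logs(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for name, lineno, kind in results:
        print(f"{name}:{lineno}: {kind}")
```

Any hit means the SAML private key should be treated as exposed and replaced, as the remedy requires; an empty result after the logs are cleared confirms that no PEM headers remain in the scanned directory.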

Frequently Asked Questions

  • What is CVE-2021-3034?

    CVE-2021-3034 is an information exposure through log file vulnerability in Cortex XSOAR software.

  • How does CVE-2021-3034 impact Cortex XSOAR software?

    CVE-2021-3034 exposes secrets configured for the SAML single sign-on (SSO) integration to the server logs.

  • What is the severity of CVE-2021-3034?

    CVE-2021-3034 has a severity rating of medium with a severity value of 5.1.

  • Which versions of Cortex XSOAR are affected by CVE-2021-3034?

    Cortex XSOAR versions 5.5.0 to 5.5.0-94592, 6.0.1 to 6.0.1-81077, 6.0.2 to 6.0.2-97682, and 6.1.0 are affected by CVE-2021-3034.

  • How can I fix CVE-2021-3034 in Cortex XSOAR software?

    To fix CVE-2021-3034, update Cortex XSOAR software to a version that is not affected by the vulnerability.
