CVE-2021-3044
Summary
| CVE | CVE-2021-3044 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-06-22 18:15:00 UTC |
| Updated | 2022-07-14 15:58:00 UTC |
| Description | An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Paloaltonetworks | Cortex Xsoar | 6.1.0 | 1016923 | All | All |
| Application | Paloaltonetworks | Cortex Xsoar | 6.2.0 | - | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2021-3044 Cortex XSOAR: Unauthorized Usage of the REST API | MISC | security.paloaltonetworks.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: This issue was found during internal security review.
There are currently no legacy QID mappings associated with this CVE.