CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
60.7%
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds earlier than 1578666. All Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances.
[
{
"product": "Cortex XSOAR",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "1578677",
"status": "unaffected"
}
],
"lessThan": "1578677",
"status": "affected",
"version": "5.5.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "1576452",
"status": "unaffected"
}
],
"lessThan": "1576452",
"status": "affected",
"version": "6.0.2",
"versionType": "custom"
},
{
"changes": [
{
"at": "1578663",
"status": "unaffected"
}
],
"lessThan": "1578663",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "1578666",
"status": "unaffected"
}
],
"lessThan": "1578666",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
}
]
}
]
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
60.7%