{"containers": {"cna": {"affected": [{"product": "Cortex XSOAR", "vendor": "Palo Alto Networks", "versions": [{"status": "unaffected", "version": "5.5.0 all"}, {"status": "unaffected", "version": "6.0.0 all"}, {"status": "unaffected", "version": "6.0.1 all"}, {"status": "unaffected", "version": "6.0.2 all"}, {"changes": [{"at": "1271064", "status": "unaffected"}, {"at": "1016923", "status": "affected"}], "lessThan": "6.1.0*", "status": "affected", "version": "1016923", "versionType": "custom"}, {"changes": [{"at": "1271065", "status": "unaffected"}], "lessThan": "1271065", "status": "affected", "version": "6.2.0", "versionType": "custom"}]}], "configurations": [{"lang": "en", "value": "This issue is applicable only to Cortex XSOAR configurations with active API key integrations.\n\nYou can determine whether your configuration is impacted by selecting \u2018Settings > Integration > API Keys\u2019 from the Cortex XSOAR web client."}], "credits": [{"lang": "en", "value": "This issue was found during internal security review."}], "datePublic": "2021-06-22T00:00:00", "descriptions": [{"lang": "en", "value": "An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. 
No additional action is required for these instances."}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-22T17:15:11", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.paloaltonetworks.com/CVE-2021-3044"}], "solutions": [{"lang": "en", "value": "This issue is fixed in Cortex XSOAR 6.1.0 build 1271064, Cortex XSOAR 6.2.0 build 1271065, and all later Cortex XSOAR versions."}], "source": {"discovery": "INTERNAL"}, "timeline": [{"lang": "en", "time": "2021-06-22T00:00:00", "value": "Initial publication"}], "title": "Cortex XSOAR: Unauthorized Usage of the REST API", "workarounds": [{"lang": "en", "value": "You must revoke all active integration API keys to fully mitigate the impact of this issue.\n\nTo revoke integration API keys from the Cortex XSOAR web client:\nSettings > Integration > API Keys and then Revoke each API key.\n\nYou can create new API keys after you upgrade Cortex XSOAR to a fixed version."}, {"lang": "en", "value": "Restricting network access to the Cortex XSOAR server to allow only trusted users also reduces the impact of this issue."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2021-06-22T16:00:00.000Z", "ID": 
"CVE-2021-3044", "STATE": "PUBLIC", "TITLE": "Cortex XSOAR: Unauthorized Usage of the REST API"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cortex XSOAR", "version": {"version_data": [{"version_affected": "!", "version_name": "5.5.0", "version_value": "all"}, {"version_affected": "!", "version_name": "6.0.0", "version_value": "all"}, {"version_affected": ">=", "version_name": "6.1.0", "version_value": "1016923"}, {"version_affected": "<", "version_name": "6.1.0", "version_value": "1271064"}, {"version_affected": "!<", "version_name": "6.1.0", "version_value": "1016923"}, {"version_affected": "!>=", "version_name": "6.1.0", "version_value": "1271064"}, {"version_affected": "<", "version_name": "6.2.0", "version_value": "1271065"}, {"version_affected": "!>=", "version_name": "6.2.0", "version_value": "1271065"}, {"version_affected": "!", "version_name": "6.0.1", "version_value": "all"}, {"version_affected": "!", "version_name": "6.0.2", "version_value": "all"}]}}]}, "vendor_name": "Palo Alto Networks"}]}}, "configuration": [{"lang": "en", "value": "This issue is applicable only to Cortex XSOAR configurations with active API key integrations.\n\nYou can determine whether your configuration is impacted by selecting \u2018Settings > Integration > API Keys\u2019 from the Cortex XSOAR web client."}], "credit": [{"lang": "eng", "value": "This issue was found during internal security review."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. 
This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances."}]}, "exploit": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-285 Improper Authorization"}]}]}, "references": {"reference_data": [{"name": "https://security.paloaltonetworks.com/CVE-2021-3044", "refsource": "MISC", "url": "https://security.paloaltonetworks.com/CVE-2021-3044"}]}, "solution": [{"lang": "en", "value": "This issue is fixed in Cortex XSOAR 6.1.0 build 1271064, Cortex XSOAR 6.2.0 build 1271065, and all later Cortex XSOAR versions."}], "source": {"discovery": "INTERNAL"}, "timeline": [{"lang": "en", "time": "2021-06-22T00:00:00", "value": "Initial publication"}], "work_around": [{"lang": "en", "value": "You must revoke all active integration API keys to fully mitigate the impact of this issue.\n\nTo revoke integration API keys from the Cortex XSOAR web client:\nSettings > Integration > API Keys and then Revoke each API key.\n\nYou can create new API keys after you upgrade Cortex XSOAR to a fixed version."}, {"lang": "en", "value": "Restricting network access to the Cortex XSOAR server to allow only trusted users also reduces the impact of this issue."}]}}, "adp": [{"providerMetadata": {"orgId": 
"af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:45:50.915Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.paloaltonetworks.com/CVE-2021-3044"}]}]}, "cveMetadata": {"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2021-3044", "datePublished": "2021-06-22T17:15:11.305119Z", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2024-09-16T17:23:37.359Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}