CVE-2021-3051: 
Cortex XSOAR vulnerability analysis and mitigation

An improper verification of cryptographic signature vulnerability (CVE-2021-3051) was discovered in Cortex XSOAR SAML authentication. The vulnerability was disclosed on September 8, 2021, affecting Cortex XSOAR versions 5.5.0, 6.1.0, and 6.2.0 builds prior to specific version numbers. This vulnerability enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server (Palo Alto Advisory).

The vulnerability is classified as CWE-347 (Improper Verification of Cryptographic Signature) with a CVSSv3.1 Base Score of 8.1 HIGH (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). The issue specifically affects configurations with SAML authentication integration enabled, which can be verified through the 'Settings > Servers & Services' section by searching for 'SAML' (Palo Alto Advisory).

The vulnerability could allow an unauthorized attacker to perform actions on behalf of a Cortex XSOAR administrator, potentially compromising the confidentiality, integrity, and availability of the system. However, it is not a remote code execution (RCE) vulnerability (Palo Alto Advisory).

The vulnerability was fixed in Cortex XSOAR versions 5.5.0 build 1578677, 6.1.0 build 1578663, and 6.2.0 build 1578666. For systems that cannot be immediately upgraded, administrators can either disable SAML authentication integration or restrict network access to the Cortex XSOAR server to allow only trusted users. All Cortex XSOAR instances hosted by Palo Alto Networks were protected from this vulnerability (Palo Alto Advisory).