漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Cortex XSOAR: Authentication Bypass in SAML Authentication
Vulnerability Description
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds earlier than 1578666. All Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
密码学签名的验证不恰当
Vulnerability Title
Palo Alto Cortex XSOAR 数据伪造问题漏洞
Vulnerability Description
Palo Alto Cortex XSOAR是美国 (Palo Alto)公司的一个应用软件。提供安全编排,自动化和响应平台,带有威胁情报管理和内置市场。 Palo Alto Cortex XSOAR存在安全漏洞,攻击者可利用该漏洞访问受保护的资源并在Cortex XSOAR服务器上执行未经授权的操作。
CVSS Information
N/A
Vulnerability Type
N/A