VYPR
Medium severity5.1NVD Advisory· Published Mar 10, 2021· Updated Jun 17, 2026

CVE-2021-3034

CVE-2021-3034

Description

An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Paloaltonetworks/Cortex XSOARllm-fuzzy2 versions
    5.5.0 < 98622, 6.0.1 < 830029, 6.0.2 < 98623, 6.1.0 < 848144+ 1 more
    • (no CPE)range: 5.5.0 < 98622, 6.0.1 < 830029, 6.0.2 < 98623, 6.1.0 < 848144
    • (no CPE)range: 5.5.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.