CVE-2021-3044

Cortex XSOAR: Unauthorized Usage of the REST API

Description

An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances.

Remediation

Solution:

  • This issue is fixed in Cortex XSOAR 6.1.0 build 1271064, Cortex XSOAR 6.2.0 build 1271065, and all later Cortex XSOAR versions.

Workaround:

  • You must revoke all active integration API keys to fully mitigate the impact of this issue. To revoke integration API keys from the Cortex XSOAR web client: Settings > Integration > API Keys and then Revoke each API key. You can create new API keys after you upgrade Cortex XSOAR to a fixed version.
  • Restricting network access to the Cortex XSOAR server to allow only trusted users also reduces the impact of this issue.

Category

9.8
CVSS
Severity: Critical
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.67% Top 30%
Vendor Advisory paloaltonetworks.com
Affected: Palo Alto Networks Cortex XSOAR
Published at:
Updated at:

References

Link Tags
https://security.paloaltonetworks.com/CVE-2021-3044 vendor advisory

Frequently Asked Questions

What is the severity of CVE-2021-3044?
CVE-2021-3044 has been scored as a critical severity vulnerability.
How to fix CVE-2021-3044?
To fix CVE-2021-3044: This issue is fixed in Cortex XSOAR 6.1.0 build 1271064, Cortex XSOAR 6.2.0 build 1271065, and all later Cortex XSOAR versions.
Is CVE-2021-3044 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-3044 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-3044?
CVE-2021-3044 affects Palo Alto Networks Cortex XSOAR.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.