CVE-2021-3034

An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144.

Published: Mar 10, 2021
Updated: Nov 16, 2025
CVE: CVE-2021-3034
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.1
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.6
AV:L/AC:L/Au:N/C:P/I:P/A:N

CWEs:

CWE-532

Affected Software
References

Software	From	Fixed in
paloaltonetworks / cortex_xsoar	5.5.0	5.5.0.x
paloaltonetworks / cortex_xsoar	6.1.0	6.1.0.x
paloaltonetworks / cortex_xsoar	6.0.2	6.0.2.x
paloaltonetworks / cortex_xsoar	6.0.1	6.0.1.x
paloaltonetworks / cortex_xsoar	5.5.0-94592	5.5.0-94592.x
paloaltonetworks / cortex_xsoar	5.5.0-78518	5.5.0-78518.x
paloaltonetworks / cortex_xsoar	5.5.0-75211	5.5.0-75211.x
paloaltonetworks / cortex_xsoar	5.5.0-73387	5.5.0-73387.x
paloaltonetworks / cortex_xsoar	5.5.0-70066	5.5.0-70066.x
paloaltonetworks / cortex_xsoar	6.0.1-81077	6.0.1-81077.x
paloaltonetworks / cortex_xsoar	6.0.2-97682	6.0.2-97682.x
paloaltonetworks / cortex_xsoar	6.0.2-94597	6.0.2-94597.x
paloaltonetworks / cortex_xsoar	6.0.2-93351	6.0.2-93351.x
paloaltonetworks / cortex_xsoar	6.0.2-90947	6.0.2-90947.x

https://security.paloaltonetworks.com/CVE-2021-3034

Vulnerability Database

322,732

CVE-2021-3034

Deep Security Visibility Without the Complexity