Splunk Enterprise Multiple Vulnerabilities

Last Update Date: 3 Apr 2017 10:41 Release Date: 3 Apr 2017 3331 Views

RISK: Medium Risk

Medium Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

Multiple vulnerabilities have been identified in Splunk Enterprise, which can be exploited by remote attackers to obtain potentially sensitive information or conduct cross-site scripting attacks on the target system.

Impact

  • Cross-Site Scripting
  • Information Disclosure

System / Technologies affected

  • Persistent Cross Site Scripting in Splunk Web (SPL-134841)
    • 6.5.x before 6.5.3
    • 6.4.x before 6.4.6
    • 6.3.x before 6.3.10
    • 6.2.x before 6.2.14
    • Splunk Light before 6.5.2
  • Information Leakage via JavaScript (CVE-2017-5607)
    • 6.5.x before 6.5.3
    • 6.4.x before 6.4.6
    • 6.3.x before 6.3.10
    • 6.2.x before 6.2.13.1
    • 6.1.x before 6.1.13
    • 6.0.x before 6.0.14
    • 5.0.x before 5.0.18
    • Splunk Light before 6.5.2

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to fixed version (6.2.13.1, 6.5.3).

Vulnerability Identifier

Source

Related Link

Share with

Previous

phpMyAdmin Security Restriction Bypass Vulnerability

31 Mar 2017 3583 Views

Next

Windows Server 2003 IIS6.0 remote code execution Vulnerability

31 Mar 2017 3541 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY