exploitDog

GHSA-g37x-8fq5-rmrc

Опубликовано: 07 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders.

A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders.

Ссылки

EPSS

Процентиль: 42%

0.00198

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-287

Связанные уязвимости

CVE-2021-31559

CVSS3: 7.5

nvd

почти 4 года назад

A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders.

EPSS

Процентиль: 42%

0.00198

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-287