CVE-2011-4644

Опубликовано: 03 янв. 2012

Источник: nvd

CVSS2: 9.3

EPSS Низкий

Описание

Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:splunk:splunk:*:*:*:*:*:*:*:*

Версия до 4.2.5 (включая)

cpe:2.3:a:splunk:splunk:2.1:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:2.2:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:2.2.6:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.0:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.1:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.1.2:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.1.3:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.1.4:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.2:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.2.1:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.2.2:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.2.3:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.2.4:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.2.5:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.2.6:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.3:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.3.1:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.3.2:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.3.3:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.3.4:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.4:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.4.1:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.4.2:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.4.3:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.4.5:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.4.6:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.4.8:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.4.9:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.4.10:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.4.11:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.4.12:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.4.13:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:3.4.14:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:4.0:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:4.0.6:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:4.0.7:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:4.0.8:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:4.0.9:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:4.0.10:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:4.0.11:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:4.1:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:4.1.1:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:4.1.2:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:4.1.3:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:4.1.4:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:4.1.5:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:4.1.6:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:4.1.7:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:4.1.8:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:4.2:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:4.2.1:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:4.2.2:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:4.2.3:*:*:*:*:*:*:*

cpe:2.3:a:splunk:splunk:4.2.4:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05279

Низкий

9.3 Critical

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-84gg-j7wj-x5hv

github

больше 3 лет назад