Описание
A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders.
Уязвимые конфигурации
Конфигурация 1Версия от 8.1.0 (включая) до 8.1.5 (исключая)
Одно из
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:8.2.0:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 42%
0.00198
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-288
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 7.5
github
почти 4 года назад
A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders.
EPSS
Процентиль: 42%
0.00198
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-288
NVD-CWE-noinfo