CVE-2016-4856

4.8MEDIUM

Key Information:

Vendor: Splunk
Status: Splunk Enterprise; Splunk Light
Vendor: CVE Published:; 12 May 2017

Summary

Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.

Affected Version(s)

Splunk Enterprise 6.3.x prior to 6.3.5

Splunk Light 6.3.x prior to 6.3.5

References

https://www.splunk.com/view/SP-CAAAPN9

x_refsource_CONFIRM

https://jvn.jp/en/jp/JVN71462075/index.html

third-party-advisoryx_refsource_JVN

http://www.securityfocus.com/bid/92990

vdb-entryx_refsource_BID

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 12, 2017
Vulnerability Reserved
May 17, 2016