Open Redirect Vulnerability in Splunk Enterprise and Splunk Light
CVE-2016-4857

6.1MEDIUM

Key Information:

Vendor: Splunk
Status: Splunk Enterprise; Splunk Light
Vendor: CVE Published:; 12 May 2017

What is CVE-2016-4857?

An open redirect vulnerability exists in specific versions of Splunk Enterprise and Splunk Light, enabling attackers to redirect users to arbitrary websites. This flaw could be exploited to conduct phishing attacks, potentially deceiving users into providing sensitive information unknowingly. The vulnerability is present in Splunk Enterprise versions prior to 6.4.2, 6.3.6, and 6.2.11, as well as in Splunk Light prior to 6.4.2. Organizations using these versions are advised to update their software to mitigate risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Splunk Enterprise 6.4.x prior to 6.4.2

Splunk Enterprise 6.3.x prior to 6.3.6

Splunk Enterprise 6.2.x prior to 6.2.11

References

https://www.splunk.com/view/SP-CAAAPQM

x_refsource_CONFIRM

https://jvn.jp/en/jp/JVN39926655/index.html

third-party-advisoryx_refsource_JVN

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 12, 2017
Vulnerability Reserved
May 17, 2016

JSON

Splunk