CVE-2016-4857

6.1MEDIUM

Key Information:

Vendor: Splunk
Status: Splunk Enterprise; Splunk Light
Vendor: CVE Published:; 12 May 2017

Summary

Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Affected Version(s)

Splunk Enterprise 6.4.x prior to 6.4.2

Splunk Enterprise 6.3.x prior to 6.3.6

Splunk Enterprise 6.2.x prior to 6.2.11

References

https://www.splunk.com/view/SP-CAAAPQM

x_refsource_CONFIRM

https://jvn.jp/en/jp/JVN39926655/index.html

third-party-advisoryx_refsource_JVN

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 12, 2017
Vulnerability Reserved
May 17, 2016