Cross-Site Scripting Vulnerability in Splunk Enterprise by Splunk
CVE-2016-4858

4.8 MEDIUM

Key Information:

Vendor: Splunk
CVE Published: 12 May 2017

Summary

This cross-site scripting vulnerability in Splunk Enterprise and Splunk Light allows remote attackers to inject arbitrary web scripts or HTML into web pages through unspecified vectors, potentially compromising sensitive data and user sessions. Affected versions span from 5.0.x to 6.4.x, so affected installations should be updated to a fixed release.

Affected Version(s)

Splunk Enterprise 6.4.x prior to 6.4.2

Splunk Enterprise 6.3.x prior to 6.3.6

Splunk Enterprise 6.2.x prior to 6.2.10

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
