CVE-2016-4858

4.8MEDIUM

Key Information:

Vendor: Splunk
Status: Splunk Enterprise; Splunk Light
Vendor: CVE Published:; 12 May 2017

Summary

Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected Version(s)

Splunk Enterprise 6.4.x prior to 6.4.2

Splunk Enterprise 6.3.x prior to 6.3.6

Splunk Enterprise 6.2.x prior to 6.2.10

References

https://www.splunk.com/view/SP-CAAAPN9

x_refsource_CONFIRM

https://jvn.jp/en/jp/JVN71462075/index.html

third-party-advisoryx_refsource_JVN

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 12, 2017
Vulnerability Reserved
May 17, 2016