CVE-2016-4859

6.1MEDIUM

Key Information:

Vendor
Splunk
Status
Splunk Enterprise
Splunk Light
Vendor
CVE Published:
12 May 2017

Summary

Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Affected Version(s)

Splunk Enterprise 6.4.x prior to 6.4.3

Splunk Enterprise 6.3.x prior to 6.3.6

Splunk Enterprise 6.2.x prior to 6.2.10

References

https://jvn.jp/en/jp/JVN64800312/index.html
third-party-advisoryx_refsource_JVN
https://www.splunk.com/view/SP-CAAAPQ6
x_refsource_CONFIRM
http://www.securityfocus.com/bid/92603
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.