Open Redirect Vulnerability in Splunk Enterprise by Splunk
CVE-2016-4859

6.1MEDIUM

Key Information:

Vendor

Splunk
Status
Splunk Enterprise
Splunk Light
Vendor
CVE Published:
12 May 2017

What is CVE-2016-4859?

An open redirect vulnerability exists in Splunk Enterprise versions prior to 6.4.3 for various product lines, including Splunk Light. This flaw allows attackers to redirect legitimate users to malicious websites, potentially facilitating phishing attacks. The vulnerability arises from unspecified vectors that do not properly validate URL inputs, posing a significant risk to users and the integrity of their data.

Affected Version(s)

Splunk Enterprise 6.4.x prior to 6.4.3

Splunk Enterprise 6.3.x prior to 6.3.6

Splunk Enterprise 6.2.x prior to 6.2.10

References

https://jvn.jp/en/jp/JVN64800312/index.html
third-party-advisoryx_refsource_JVN
https://www.splunk.com/view/SP-CAAAPQ6
x_refsource_CONFIRM
http://www.securityfocus.com/bid/92603
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.