Open Redirect Vulnerability in Splunk Enterprise by Splunk
CVE-2016-4859

6.1MEDIUM

Key Information:

Vendor
Splunk
Status
Splunk Enterprise
Splunk Light
Vendor
CVE Published:
12 May 2017

Summary

An open redirect vulnerability exists in Splunk Enterprise versions prior to 6.4.3 for various product lines, including Splunk Light. This flaw allows attackers to redirect legitimate users to malicious websites, potentially facilitating phishing attacks. The vulnerability arises from unspecified vectors that do not properly validate URL inputs, posing a significant risk to users and the integrity of their data.

Affected Version(s)

Splunk Enterprise 6.4.x prior to 6.4.3

Splunk Enterprise 6.3.x prior to 6.3.6

Splunk Enterprise 6.2.x prior to 6.2.10

References

https://jvn.jp/en/jp/JVN64800312/index.html
third-party-advisoryx_refsource_JVN
https://www.splunk.com/view/SP-CAAAPQ6
x_refsource_CONFIRM
http://www.securityfocus.com/bid/92603
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.