CVSS: 6.5EPSS: 16%CPEs: 26EXPL: 3CVE-2011-4643 – Splunk - Remote Command Execution
https://notcve.org/view.php?id=CVE-2011-4643
03 Jan 2012 — Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files via a .. (dot dot) in a URI to (1) Splunk Web or (2) the Splunkd HTTP Server, aka SPL-45243. Múltiples vulnerabilidades de salto de directorio en Splunk 4.x anteriores a la versión 4.2.5 permiten a atacantes remotos autenticados leer archivos arbitrarios a través de los caracteres .. (punto punto) en una URI a (1) Web Splunk o (2) el servidor HTTP Splunkd, también conocido como SP... • https://www.exploit-db.com/exploits/18245 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 6%CPEs: 65EXPL: 4CVE-2011-4644 – Splunk - Remote Command Execution
https://notcve.org/view.php?id=CVE-2011-4644
03 Jan 2012 — Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request. Splunk versión 4.2.5 y anteriores, cuando se selecciona una licencia Gratuita, habilita funciones potencialmente indeseables en... • https://www.exploit-db.com/exploits/18245 • CWE-287: Improper Authentication •