CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-7431
https://notcve.org/view.php?id=CVE-2018-7431
Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote authenticated users to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en Splunk Django App en versiones 6.0.x anteriores a la 6.0.14, versiones 6.1.x anteriores a la 6.1.13, versiones 6.2.x anteriores a la 6.2.14, versiones 6.3.x anteriores a la 6.3.10, versiones 6.4.x anteriores a la 6.4.6,y versiones 6.5.x anteriores a la 6.5.3; y en Splunk Light en versiones anteriores a la 6.6.0 permite que los usuarios autenticados remotos lean archivos arbitrarios utilizando vectores no especificados. • https://www.splunk.com/view/SP-CAAAP5T • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2018-7427
https://notcve.org/view.php?id=CVE-2018-7427
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en Splunk Web en Splunk Enterprise en versiones 6.0.x anteriores a la 6.0.14, versiones 6.1.x anteriores a la 6.1.13, versiones 6.2.x anteriores a la 6.2.14, versiones 6.3.x anteriores a la 6.3.10, versiones 6.4.x anteriores a la 6.4.7,y versiones 6.5.x anteriores a la 6.5.3; y en Splunk Light en versiones anteriores a la 6.6.0 permite que los atacantes remotos inyecten scripts web o HTML arbitrarios utilizando vectores no especificados. • https://www.splunk.com/view/SP-CAAAP5T • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 82%CPEs: 1EXPL: 2CVE-2018-11409 – Splunk < 7.0.1 - Information Disclosure
https://notcve.org/view.php?id=CVE-2018-11409
Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key. Splunk hasta la versión 7.0.1 permite la divulgación de información anexando __raw/services/server/info/server-info?output_mode=json en una consulta, tal y como queda demostrado con el descubrimiento de una clave de licencia. Splunk 6.2.3 through 7.0.1 allows information disclosure by appending /__raw/services/server/info/server-info? • https://www.exploit-db.com/exploits/44865 http://www.securitytracker.com/id/1041148 https://github.com/kofa2002/splunk • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 58EXPL: 0CVE-2016-4859
https://notcve.org/view.php?id=CVE-2016-4859
Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en Splunk Enterprise versiones 6.4.x anteriores a la 6.4.3, Splunk Enterprise versiones 6.3.x anteriores a la 6.3.6, Splunk Enterprise versiones 6.2.x anteriores a la 6.2.10, Splunk Enterprise versiones 6.1.x anteriores a la 6.1.11, Splunk Enterprise versiones 6.0.x anteriores a la 6.0.12, Splunk Enterprise versiones 5.0.x anteriores a la 5.0.16 y Splunk Light versiones anteriores a la 6.4.3, que permitiría la redirección de usuarios a sitios web arbitrarios y realizar ataques de phishing a través de vectores no especificados. • http://www.securityfocus.com/bid/92603 https://jvn.jp/en/jp/JVN64800312/index.html https://www.splunk.com/view/SP-CAAAPQ6 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2016-4857
https://notcve.org/view.php?id=CVE-2016-4857
Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en Splunk Enterprise versiones 6.4.x anteriores a la 6.4.2, Splunk Enterprise versiones 6.3.x anteriores a la 6.3.6, Splunk Enterprise versiones 6.2.x anteriores a la 6.2.11 y Splunk Light anteriores a la 6.4.2, que permitiría la redirección de usuarios a sitios web arbitrarios y realizar ataques de phishing a través de vectores no especificados. • https://jvn.jp/en/jp/JVN39926655/index.html https://www.splunk.com/view/SP-CAAAPQM • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •