CVE-2018-11409 – Splunk < 7.0.1 - Information Disclosure
https://notcve.org/view.php?id=CVE-2018-11409
Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key. Splunk hasta la versión 7.0.1 permite la divulgación de información anexando __raw/services/server/info/server-info?output_mode=json en una consulta, tal y como queda demostrado con el descubrimiento de una clave de licencia. Splunk 6.2.3 through 7.0.1 allows information disclosure by appending /__raw/services/server/info/server-info? • https://www.exploit-db.com/exploits/44865 http://www.securitytracker.com/id/1041148 https://github.com/kofa2002/splunk • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-17067
https://notcve.org/view.php?id=CVE-2017-17067
Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks. Splunk Web en Splunk Enterprise en versiones 7.0.x anteriores a la 7.0.0.1; versiones 6.6.x anteriores a la 6.6.3.2; versiones 6.5.x anteriores a la 6.5.6; versiones 6.4.x anteriores a la 6.4.9 y versiones 6.3.x anteriores a la 6.3.12, cuando SAML authType está habilitado, gestiona SAML de manera incorrecta, lo que permite que atacantes remotos omitan las restricciones de acceso planeadas o lleven a cabo ataques de suplantación. • http://www.securityfocus.com/bid/102005 https://www.splunk.com/view/SP-CAAAP3K • CWE-863: Incorrect Authorization •
CVE-2017-12572
https://notcve.org/view.php?id=CVE-2017-12572
Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrative access, aka SPL-134104. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) persistente en Splunk Enterprise 6.5.x anterior a 6.5.2; 6.4.x anterior a 6.4.6; y 6.3.x anterior a 6.3.9 y Splunk Light anterior a 6.5.2, cuya explotación requiere acceso de administrador, también conocido como SPL-134104. • https://www.splunk.com/view/SP-CAAAPYC • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-4858
https://notcve.org/view.php?id=CVE-2016-4858
Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de Cross-site scripting en Splunk Enterprise versiones 6.4.x anteriores a la 6.4.2, Splunk Enterprise versiones 6.3.x anteriores a la 6.3.6, Splunk Enterprise versiones 6.2.x anteriores a la 6.2.10, Splunk Enterprise versiones 6.1.x anteriores a la 6.1.11, Splunk Enterprise versiones 6.0.x anteriores a la 6.0.12, Splunk Enterprise versiones 5.0.x anteriores a la 5.0.16 y Splunk Light versiones anteriores a la 6.4.2, que permitiría a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • https://jvn.jp/en/jp/JVN71462075/index.html https://www.splunk.com/view/SP-CAAAPN9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-4857
https://notcve.org/view.php?id=CVE-2016-4857
Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en Splunk Enterprise versiones 6.4.x anteriores a la 6.4.2, Splunk Enterprise versiones 6.3.x anteriores a la 6.3.6, Splunk Enterprise versiones 6.2.x anteriores a la 6.2.11 y Splunk Light anteriores a la 6.4.2, que permitiría la redirección de usuarios a sitios web arbitrarios y realizar ataques de phishing a través de vectores no especificados. • https://jvn.jp/en/jp/JVN39926655/index.html https://www.splunk.com/view/SP-CAAAPQM • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •