2 results (0.002 seconds)

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs. • https://advisory.splunk.com/advisories/SVD-2023-0213 • CWE-295: Improper Certificate Validation CWE-636: Not Failing Securely ('Failing Open') •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS server certificates, which could result in man-in-the-middle attacks. Splunk-SDK-Python, en versiones anteriores a la 1.6.6, no verifica correctamente los certificados TLS no fiables del servidor, lo que podría resultar en ataques de Man-in-the-Middle (MitM) • https://www.splunk.com/view/SP-CAAAQAD • CWE-295: Improper Certificate Validation •