2017-11-30 03:29:04 2019-10-03 02:03:26

Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks.

Vector: NETWORK
Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Splunk Splunk 6.4.3 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.4.2 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.4.1 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.4.0 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.3.11 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.3.10 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.3.9 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.3.8 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.3.7 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.3.6 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.3.5 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.3.4 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.3.3 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.3.2 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.3.1 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.3.0 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.4.4 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.4.5 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.4.6 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.4.7 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.4.8 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.5.0 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.5.1 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.5.2 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.5.3 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.5.4 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.5.5 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.6.0 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.6.1 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.6.2 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 6.6.3 ~~enterprise~~~ (not an official CPE)
Splunk Splunk 7.0.0 ~~enterprise~~~ (not an official CPE)

Advisory Patch Confirmed Link
102005
https://www.splunk.com/view/SP-CAAAP3K