Overview
- Description
- A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders.
- Source
- prodsec@splunk.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
- prodsec@splunk.com
- CWE-288
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "69FE383C-7E7F-4119-B0B8-7A9F8A5AE0C3",
"versionEndExcluding": "8.1.5",
"versionStartIncluding": "8.1.0"
},
{
"criteria": "cpe:2.3:a:splunk:splunk:8.2.0:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6EA32AA1-B70F-44B4-964C-6F25FC885104"
}
],
"operator": "OR"
}
]
}
]