CVE-2016-4857 - URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Splunk

Publication

2017-05-12

Last modification

2017-05-19

Summary

Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows redirecting users to arbitrary web sites and conducting phishing attacks via unspecified vectors.

Classification

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Risk level (CVSS AV:N/AC:M/Au:N/C:P/I:P/A:N)

Medium

5.8

Access Vector

  • Network

Access Complexity

  • Medium

Authentication

  • None

Confidentiality Impact

  • Partial

Integrity Impact

  • Partial

Affected Products

Vendor: Splunk
Product: Splunk
Versions: 6.2.10, 6.2.1, 6.2.5, 6.3.3, 6.2.4, 6.2.3, 6.2.8, 6.2.9, 6.4.2, 6.3.0, 6.2.2, 6.3.2, 6.2.7, 6.4.1, 6.3.5, 6.2.0, 6.3.1, 6.4.0, 6.3.4, 6.2.6