CVE-2017-17067 - Improper Access Control vulnerability in Splunk

Publication

2017-11-30

Last modification

2017-12-20

Summary

Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks.

Classification

CWE-284 - Improper Access Control

Risk level (CVSS v2 vector AV:N/AC:L/Au:N/C:C/I:C/A:C)

High

10.0

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality Impact

Complete

Integrity Impact

Complete

Availability Impact

Complete

Affected Products

Vendor  Product  Versions
Splunk  Splunk   6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11,
                 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8,
                 6.5.0, 6.5.1, 6.5.2, 6.5.3, 6.5.4, 6.5.5,
                 6.6.0, 6.6.1, 6.6.2, 6.6.3,
                 7.0.0
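The script below turns the version ranges in the summary and the product table above into a check that can be run against a host. It is an added example written for this page, not Splunk code and not part of the original advisory entry. The fixed versions are taken from the summary; the authentication.conf content is a constructed sample, and the assumption that SAML is configured in the [authentication] stanza of $SPLUNK_HOME/etc/system/local/authentication.conf (rather than in an app's local directory) is the example's, not the page's. The detail worth attention is the four-component fix releases 7.0.0.1 and 6.6.3.2: the comparison pads shorter versions with zeros so that 7.0.0 sorts below 7.0.0.1 and 6.6.3 below 6.6.3.2, while 6.6.4 does not.

```python
"""Is this Splunk Enterprise host in scope for CVE-2017-17067?

Added example for this advisory page, not Splunk code. Fixed versions are
taken from the advisory summary. The authentication.conf text is a
constructed sample; reading it from $SPLUNK_HOME/etc/system/local/ is an
assumption about where SAML is configured on the host.
"""
import configparser
import re

# First fixed release on each affected branch, per the summary. Two of them
# (7.0.0.1 and 6.6.3.2) have four components, so comparisons must not assume
# a fixed major.minor.patch shape.
FIXED_VERSIONS = {
    (7, 0): "7.0.0.1",
    (6, 6): "6.6.3.2",
    (6, 5): "6.5.6",
    (6, 4): "6.4.9",
    (6, 3): "6.3.12",
}

# Constructed sample of a SAML-enabled authentication.conf. The stanza name
# and IdP settings are illustrative; authType = SAML is the condition the
# advisory names.
SAMPLE_AUTHENTICATION_CONF = """\
[authentication]
authType = SAML
authSettings = example_saml

[example_saml]
entityId = splunk.example.com
idpSSOUrl = https://idp.example.com/sso/saml
fqdn = https://splunk.example.com
redirectPort = 8000
"""


def parse_version(text):
    """Extract the dotted version from a bare "6.5.3", a "7.0.0.1", or the
    output of `splunk version` ("Splunk 6.5.3 (build ...)") and return it
    as a tuple of ints."""
    m = re.search(r"\b(\d+(?:\.\d+)+)\b", text)
    if not m:
        raise ValueError("no version number found in %r" % (text,))
    return tuple(int(p) for p in m.group(1).split("."))


def version_less_than(a, b):
    """Release-style ordering for tuples of unequal length: missing trailing
    components count as zero, so (7,0,0) < (7,0,0,1) and (6,6,3) < (6,6,3,2)
    but (6,6,4) is not below (6,6,3,2)."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def version_is_affected(version_text):
    """True when the version sits on one of the branches named in the
    advisory and is earlier than that branch's first fixed release. Branches
    the advisory does not mention (6.2.x, 7.1.x, ...) return False here."""
    v = parse_version(version_text)
    fixed = FIXED_VERSIONS.get(v[:2])
    if fixed is None:
        return False
    return version_less_than(v, parse_version(fixed))


def saml_auth_enabled(conf_text):
    """True when the [authentication] stanza sets authType = SAML. Splunk
    .conf files are INI-style, so configparser reads them; option names are
    matched case-insensitively (configparser's default) and interpolation is
    disabled so a '%' in a value is left alone."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True)
    cp.read_string(conf_text)
    if not cp.has_section("authentication"):
        return False
    value = cp.get("authentication", "authType", fallback="") or ""
    return value.strip().upper() == "SAML"


def host_is_vulnerable(version_text, conf_text):
    """Both advisory conditions must hold: affected version and SAML enabled."""
    return version_is_affected(version_text) and saml_auth_enabled(conf_text)


if __name__ == "__main__":
    # The build string below is constructed, not a real Splunk build id.
    for v in ("Splunk 6.5.3 (build constructed)", "6.6.3", "6.6.3.2",
              "7.0.0", "7.0.0.1", "7.1.0"):
        state = "affected" if version_is_affected(v) else "not affected"
        print("%-36s %s" % (v, state))
    print("host vulnerable:",
          host_is_vulnerable("6.6.3", SAMPLE_AUTHENTICATION_CONF))
```

On a real host, feed `version_is_affected` the output of `$SPLUNK_HOME/bin/splunk version` and `saml_auth_enabled` the merged authentication settings (`splunk btool authentication list` shows the effective configuration across system and app directories, which is the safer source when SAML is configured in an app).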