CVE-2019-5729 - Improper Certificate Validation vulnerability in Splunk Software Development KIT 1.6.6

Publication

2019-03-21

Last modification

2019-03-27

Summary

Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS server certificates, which could result in man-in-the-middle attacks.

Classification

CWE-295 - Improper Certificate Validation

Risk level (CVSS AV:N/AC:M/Au:N/C:P/I:P/A:P)

Medium

6.8

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
Splunk Software Development KIT  1.6.6