CRITICAL🇬🇧 English

CVE-2017-17067

CVSS 9.8v3.0pub. 2017-11-30upd. 2026-05-13

Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Splunk

    APP
    Splunk
    6.3.0 – 6.3.12 (bez)6.4.0 – 6.4.9 (bez)6.5.0 – 6.5.6 (bez)6.6.0 – 6.6.3.2 (bez)7.0.0 – 7.0.0.1 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-20253CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Splunk Enterprise — tworzenie/skracanie plików bez uwierzytelnienia przez sidecar PostgreSQL

CVE-2022-32158CRITICAL9.0ten sam produkt

Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarde...

CVE-2016-10126CRITICAL9.8ten sam produkt

Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6....

CVE-2014-0160HIGH7.5⚠ KEVten sam produkt

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Exten...

CVE-2026-20251HIGH8.8ten sam produkt

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 1...