Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    8 vulnerabilities by Splunk Inc.

    CVE-2016-4859 (GCVE-0-2016-4859)

    Vulnerability from nvd – Published: 2017-05-12 18:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Open Redirect
    Assigner
    References
    URL Tags
    https://jvn.jp/en/jp/JVN64800312/index.html third-party-advisoryx_refsource_JVN
    https://www.splunk.com/view/SP-CAAAPQ6 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/92603 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Splunk Inc. Splunk Enterprise Affected: 6.4.x prior to 6.4.3
    Affected: 6.3.x prior to 6.3.6
    Affected: 6.2.x prior to 6.2.10
    Affected: 6.1.x prior to 6.1.11
    Affected: 6.0.x prior to 6.0.12
    Affected: 5.0.x prior to 5.0.16
    Create a notification for this product.
    Splunk Inc. Splunk Light Affected: prior to 6.4.3
    Create a notification for this product.
    Date Public
    2016-08-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:38.464Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#64800312",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN64800312/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.splunk.com/view/SP-CAAAPQ6"
              },
              {
                "name": "92603",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/92603"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.4.x prior to 6.4.3"
                },
                {
                  "status": "affected",
                  "version": "6.3.x prior to 6.3.6"
                },
                {
                  "status": "affected",
                  "version": "6.2.x prior to 6.2.10"
                },
                {
                  "status": "affected",
                  "version": "6.1.x prior to 6.1.11"
                },
                {
                  "status": "affected",
                  "version": "6.0.x prior to 6.0.12"
                },
                {
                  "status": "affected",
                  "version": "5.0.x prior to 5.0.16"
                }
              ]
            },
            {
              "product": "Splunk Light",
              "vendor": "Splunk Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 6.4.3"
                }
              ]
            }
          ],
          "datePublic": "2016-08-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Open Redirect",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-15T09:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#64800312",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN64800312/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.splunk.com/view/SP-CAAAPQ6"
            },
            {
              "name": "92603",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/92603"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-4859",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Splunk Enterprise",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.4.x prior to 6.4.3"
                              },
                              {
                                "version_value": "6.3.x prior to 6.3.6"
                              },
                              {
                                "version_value": "6.2.x prior to 6.2.10"
                              },
                              {
                                "version_value": "6.1.x prior to 6.1.11"
                              },
                              {
                                "version_value": "6.0.x prior to 6.0.12"
                              },
                              {
                                "version_value": "5.0.x prior to 5.0.16"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Splunk Light",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to 6.4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Splunk Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Open Redirect"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#64800312",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN64800312/index.html"
                },
                {
                  "name": "https://www.splunk.com/view/SP-CAAAPQ6",
                  "refsource": "CONFIRM",
                  "url": "https://www.splunk.com/view/SP-CAAAPQ6"
                },
                {
                  "name": "92603",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/92603"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-4859",
        "datePublished": "2017-05-12T18:00:00.000Z",
        "dateReserved": "2016-05-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:38.464Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4858 (GCVE-0-2016-4858)

    Vulnerability from nvd – Published: 2017-05-12 18:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    URL Tags
    https://www.splunk.com/view/SP-CAAAPN9 x_refsource_CONFIRM
    https://jvn.jp/en/jp/JVN71462075/index.html third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    Splunk Inc. Splunk Enterprise Affected: 6.4.x prior to 6.4.2
    Affected: 6.3.x prior to 6.3.6
    Affected: 6.2.x prior to 6.2.10
    Affected: 6.1.x prior to 6.1.11
    Affected: 6.0.x prior to 6.0.12
    Affected: 5.0.x prior to 5.0.16
    Create a notification for this product.
    Splunk Inc. Splunk Light Affected: prior to 6.4.2
    Create a notification for this product.
    Date Public
    2016-06-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:38.458Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.splunk.com/view/SP-CAAAPN9"
              },
              {
                "name": "JVN#71462075",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN71462075/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.4.x prior to 6.4.2"
                },
                {
                  "status": "affected",
                  "version": "6.3.x prior to 6.3.6"
                },
                {
                  "status": "affected",
                  "version": "6.2.x prior to 6.2.10"
                },
                {
                  "status": "affected",
                  "version": "6.1.x prior to 6.1.11"
                },
                {
                  "status": "affected",
                  "version": "6.0.x prior to 6.0.12"
                },
                {
                  "status": "affected",
                  "version": "5.0.x prior to 5.0.16"
                }
              ]
            },
            {
              "product": "Splunk Light",
              "vendor": "Splunk Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 6.4.2"
                }
              ]
            }
          ],
          "datePublic": "2016-06-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-12T17:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.splunk.com/view/SP-CAAAPN9"
            },
            {
              "name": "JVN#71462075",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN71462075/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-4858",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Splunk Enterprise",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.4.x prior to 6.4.2"
                              },
                              {
                                "version_value": "6.3.x prior to 6.3.6"
                              },
                              {
                                "version_value": "6.2.x prior to 6.2.10"
                              },
                              {
                                "version_value": "6.1.x prior to 6.1.11"
                              },
                              {
                                "version_value": "6.0.x prior to 6.0.12"
                              },
                              {
                                "version_value": "5.0.x prior to 5.0.16"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Splunk Light",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to 6.4.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Splunk Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.splunk.com/view/SP-CAAAPN9",
                  "refsource": "CONFIRM",
                  "url": "https://www.splunk.com/view/SP-CAAAPN9"
                },
                {
                  "name": "JVN#71462075",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN71462075/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-4858",
        "datePublished": "2017-05-12T18:00:00.000Z",
        "dateReserved": "2016-05-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:38.458Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4857 (GCVE-0-2016-4857)

    Vulnerability from nvd – Published: 2017-05-12 18:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Open Redirect
    Assigner
    References
    URL Tags
    https://www.splunk.com/view/SP-CAAAPQM x_refsource_CONFIRM
    https://jvn.jp/en/jp/JVN39926655/index.html third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    Splunk Inc. Splunk Enterprise Affected: 6.4.x prior to 6.4.2
    Affected: 6.3.x prior to 6.3.6
    Affected: 6.2.x prior to 6.2.11
    Create a notification for this product.
    Splunk Inc. Splunk Light Affected: prior to 6.4.2
    Create a notification for this product.
    Date Public
    2016-07-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:38.451Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.splunk.com/view/SP-CAAAPQM"
              },
              {
                "name": "JVN#39926655",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN39926655/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.4.x prior to 6.4.2"
                },
                {
                  "status": "affected",
                  "version": "6.3.x prior to 6.3.6"
                },
                {
                  "status": "affected",
                  "version": "6.2.x prior to 6.2.11"
                }
              ]
            },
            {
              "product": "Splunk Light",
              "vendor": "Splunk Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 6.4.2"
                }
              ]
            }
          ],
          "datePublic": "2016-07-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Open Redirect",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-12T17:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.splunk.com/view/SP-CAAAPQM"
            },
            {
              "name": "JVN#39926655",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN39926655/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-4857",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Splunk Enterprise",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.4.x prior to 6.4.2"
                              },
                              {
                                "version_value": "6.3.x prior to 6.3.6"
                              },
                              {
                                "version_value": "6.2.x prior to 6.2.11"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Splunk Light",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to 6.4.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Splunk Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Open Redirect"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.splunk.com/view/SP-CAAAPQM",
                  "refsource": "CONFIRM",
                  "url": "https://www.splunk.com/view/SP-CAAAPQM"
                },
                {
                  "name": "JVN#39926655",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN39926655/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-4857",
        "datePublished": "2017-05-12T18:00:00.000Z",
        "dateReserved": "2016-05-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:38.451Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4856 (GCVE-0-2016-4856)

    Vulnerability from nvd – Published: 2017-05-12 18:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    URL Tags
    https://www.splunk.com/view/SP-CAAAPN9 x_refsource_CONFIRM
    https://jvn.jp/en/jp/JVN71462075/index.html third-party-advisoryx_refsource_JVN
    http://www.securityfocus.com/bid/92990 vdb-entryx_refsource_BID
    Impacted products
    Date Public
    2016-06-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:38.427Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.splunk.com/view/SP-CAAAPN9"
              },
              {
                "name": "JVN#71462075",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN71462075/index.html"
              },
              {
                "name": "92990",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/92990"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.3.x prior to 6.3.5"
                }
              ]
            },
            {
              "product": "Splunk Light",
              "vendor": "Splunk Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.3.x prior to 6.3.5"
                }
              ]
            }
          ],
          "datePublic": "2016-06-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-15T09:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.splunk.com/view/SP-CAAAPN9"
            },
            {
              "name": "JVN#71462075",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN71462075/index.html"
            },
            {
              "name": "92990",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/92990"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-4856",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Splunk Enterprise",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.3.x prior to 6.3.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Splunk Light",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.3.x prior to 6.3.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Splunk Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.splunk.com/view/SP-CAAAPN9",
                  "refsource": "CONFIRM",
                  "url": "https://www.splunk.com/view/SP-CAAAPN9"
                },
                {
                  "name": "JVN#71462075",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN71462075/index.html"
                },
                {
                  "name": "92990",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/92990"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-4856",
        "datePublished": "2017-05-12T18:00:00.000Z",
        "dateReserved": "2016-05-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:38.427Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4856 (GCVE-0-2016-4856)

    Vulnerability from cvelistv5 – Published: 2017-05-12 18:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    URL Tags
    https://www.splunk.com/view/SP-CAAAPN9 x_refsource_CONFIRM
    https://jvn.jp/en/jp/JVN71462075/index.html third-party-advisoryx_refsource_JVN
    http://www.securityfocus.com/bid/92990 vdb-entryx_refsource_BID
    Impacted products
    Date Public
    2016-06-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:38.427Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.splunk.com/view/SP-CAAAPN9"
              },
              {
                "name": "JVN#71462075",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN71462075/index.html"
              },
              {
                "name": "92990",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/92990"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.3.x prior to 6.3.5"
                }
              ]
            },
            {
              "product": "Splunk Light",
              "vendor": "Splunk Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.3.x prior to 6.3.5"
                }
              ]
            }
          ],
          "datePublic": "2016-06-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-15T09:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.splunk.com/view/SP-CAAAPN9"
            },
            {
              "name": "JVN#71462075",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN71462075/index.html"
            },
            {
              "name": "92990",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/92990"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-4856",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Splunk Enterprise",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.3.x prior to 6.3.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Splunk Light",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.3.x prior to 6.3.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Splunk Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.splunk.com/view/SP-CAAAPN9",
                  "refsource": "CONFIRM",
                  "url": "https://www.splunk.com/view/SP-CAAAPN9"
                },
                {
                  "name": "JVN#71462075",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN71462075/index.html"
                },
                {
                  "name": "92990",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/92990"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-4856",
        "datePublished": "2017-05-12T18:00:00.000Z",
        "dateReserved": "2016-05-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:38.427Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4858 (GCVE-0-2016-4858)

    Vulnerability from cvelistv5 – Published: 2017-05-12 18:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    URL Tags
    https://www.splunk.com/view/SP-CAAAPN9 x_refsource_CONFIRM
    https://jvn.jp/en/jp/JVN71462075/index.html third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    Splunk Inc. Splunk Enterprise Affected: 6.4.x prior to 6.4.2
    Affected: 6.3.x prior to 6.3.6
    Affected: 6.2.x prior to 6.2.10
    Affected: 6.1.x prior to 6.1.11
    Affected: 6.0.x prior to 6.0.12
    Affected: 5.0.x prior to 5.0.16
    Create a notification for this product.
    Splunk Inc. Splunk Light Affected: prior to 6.4.2
    Create a notification for this product.
    Date Public
    2016-06-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:38.458Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.splunk.com/view/SP-CAAAPN9"
              },
              {
                "name": "JVN#71462075",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN71462075/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.4.x prior to 6.4.2"
                },
                {
                  "status": "affected",
                  "version": "6.3.x prior to 6.3.6"
                },
                {
                  "status": "affected",
                  "version": "6.2.x prior to 6.2.10"
                },
                {
                  "status": "affected",
                  "version": "6.1.x prior to 6.1.11"
                },
                {
                  "status": "affected",
                  "version": "6.0.x prior to 6.0.12"
                },
                {
                  "status": "affected",
                  "version": "5.0.x prior to 5.0.16"
                }
              ]
            },
            {
              "product": "Splunk Light",
              "vendor": "Splunk Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 6.4.2"
                }
              ]
            }
          ],
          "datePublic": "2016-06-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-12T17:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.splunk.com/view/SP-CAAAPN9"
            },
            {
              "name": "JVN#71462075",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN71462075/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-4858",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Splunk Enterprise",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.4.x prior to 6.4.2"
                              },
                              {
                                "version_value": "6.3.x prior to 6.3.6"
                              },
                              {
                                "version_value": "6.2.x prior to 6.2.10"
                              },
                              {
                                "version_value": "6.1.x prior to 6.1.11"
                              },
                              {
                                "version_value": "6.0.x prior to 6.0.12"
                              },
                              {
                                "version_value": "5.0.x prior to 5.0.16"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Splunk Light",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to 6.4.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Splunk Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.splunk.com/view/SP-CAAAPN9",
                  "refsource": "CONFIRM",
                  "url": "https://www.splunk.com/view/SP-CAAAPN9"
                },
                {
                  "name": "JVN#71462075",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN71462075/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-4858",
        "datePublished": "2017-05-12T18:00:00.000Z",
        "dateReserved": "2016-05-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:38.458Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4857 (GCVE-0-2016-4857)

    Vulnerability from cvelistv5 – Published: 2017-05-12 18:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Open Redirect
    Assigner
    References
    URL Tags
    https://www.splunk.com/view/SP-CAAAPQM x_refsource_CONFIRM
    https://jvn.jp/en/jp/JVN39926655/index.html third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    Splunk Inc. Splunk Enterprise Affected: 6.4.x prior to 6.4.2
    Affected: 6.3.x prior to 6.3.6
    Affected: 6.2.x prior to 6.2.11
    Create a notification for this product.
    Splunk Inc. Splunk Light Affected: prior to 6.4.2
    Create a notification for this product.
    Date Public
    2016-07-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:38.451Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.splunk.com/view/SP-CAAAPQM"
              },
              {
                "name": "JVN#39926655",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN39926655/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.4.x prior to 6.4.2"
                },
                {
                  "status": "affected",
                  "version": "6.3.x prior to 6.3.6"
                },
                {
                  "status": "affected",
                  "version": "6.2.x prior to 6.2.11"
                }
              ]
            },
            {
              "product": "Splunk Light",
              "vendor": "Splunk Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 6.4.2"
                }
              ]
            }
          ],
          "datePublic": "2016-07-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Open Redirect",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-12T17:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.splunk.com/view/SP-CAAAPQM"
            },
            {
              "name": "JVN#39926655",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN39926655/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-4857",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Splunk Enterprise",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.4.x prior to 6.4.2"
                              },
                              {
                                "version_value": "6.3.x prior to 6.3.6"
                              },
                              {
                                "version_value": "6.2.x prior to 6.2.11"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Splunk Light",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to 6.4.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Splunk Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Open Redirect"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.splunk.com/view/SP-CAAAPQM",
                  "refsource": "CONFIRM",
                  "url": "https://www.splunk.com/view/SP-CAAAPQM"
                },
                {
                  "name": "JVN#39926655",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN39926655/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-4857",
        "datePublished": "2017-05-12T18:00:00.000Z",
        "dateReserved": "2016-05-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:38.451Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4859 (GCVE-0-2016-4859)

    Vulnerability from cvelistv5 – Published: 2017-05-12 18:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Open Redirect
    Assigner
    References
    URL Tags
    https://jvn.jp/en/jp/JVN64800312/index.html third-party-advisoryx_refsource_JVN
    https://www.splunk.com/view/SP-CAAAPQ6 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/92603 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Splunk Inc. Splunk Enterprise Affected: 6.4.x prior to 6.4.3
    Affected: 6.3.x prior to 6.3.6
    Affected: 6.2.x prior to 6.2.10
    Affected: 6.1.x prior to 6.1.11
    Affected: 6.0.x prior to 6.0.12
    Affected: 5.0.x prior to 5.0.16
    Create a notification for this product.
    Splunk Inc. Splunk Light Affected: prior to 6.4.3
    Create a notification for this product.
    Date Public
    2016-08-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:38.464Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#64800312",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN64800312/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.splunk.com/view/SP-CAAAPQ6"
              },
              {
                "name": "92603",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/92603"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.4.x prior to 6.4.3"
                },
                {
                  "status": "affected",
                  "version": "6.3.x prior to 6.3.6"
                },
                {
                  "status": "affected",
                  "version": "6.2.x prior to 6.2.10"
                },
                {
                  "status": "affected",
                  "version": "6.1.x prior to 6.1.11"
                },
                {
                  "status": "affected",
                  "version": "6.0.x prior to 6.0.12"
                },
                {
                  "status": "affected",
                  "version": "5.0.x prior to 5.0.16"
                }
              ]
            },
            {
              "product": "Splunk Light",
              "vendor": "Splunk Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 6.4.3"
                }
              ]
            }
          ],
          "datePublic": "2016-08-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Open Redirect",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-15T09:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#64800312",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN64800312/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.splunk.com/view/SP-CAAAPQ6"
            },
            {
              "name": "92603",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/92603"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-4859",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Splunk Enterprise",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.4.x prior to 6.4.3"
                              },
                              {
                                "version_value": "6.3.x prior to 6.3.6"
                              },
                              {
                                "version_value": "6.2.x prior to 6.2.10"
                              },
                              {
                                "version_value": "6.1.x prior to 6.1.11"
                              },
                              {
                                "version_value": "6.0.x prior to 6.0.12"
                              },
                              {
                                "version_value": "5.0.x prior to 5.0.16"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Splunk Light",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to 6.4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Splunk Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Open Redirect"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#64800312",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN64800312/index.html"
                },
                {
                  "name": "https://www.splunk.com/view/SP-CAAAPQ6",
                  "refsource": "CONFIRM",
                  "url": "https://www.splunk.com/view/SP-CAAAPQ6"
                },
                {
                  "name": "92603",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/92603"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-4859",
        "datePublished": "2017-05-12T18:00:00.000Z",
        "dateReserved": "2016-05-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:38.464Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }