SecurityTracker.com
Category:   Application (Generic)  >   Splunk
Vendors:   Splunk Inc.
Splunk Multiple SAML Implementation Flaws Let Remote Users Access Splunk Web and Remote Authenticated Users Impersonate Other Users or Roles
SecurityTracker Alert ID:  1039851
SecurityTracker URL:  http://securitytracker.com/id/1039851
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Nov 21 2017
Impact:   User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Several vulnerabilities were reported in Splunk. A remote authenticated user can gain elevated privileges. A remote user can gain access to the target system.

The Security Assertion Markup Language (SAML) implementation contains multiple flaws.

A remote user can gain access to Splunk Web on the target system.

A remote authenticated user can impersonate another user or role on the target system.

Systems running Splunk Web with SAML login enabled are affected.

Jacob Honoroff reported some of these vulnerabilities.

Impact:   A remote user can gain access to the target system.

A remote authenticated user can impersonate another user or role on the target system.

Solution:   The vendor has issued a fix (6.3.12, 6.4.9, 6.5.6, 6.6.4, 7.0.0.1).

The vendor advisory is available at:

https://www.splunk.com/view/SP-CAAAP3K

Vendor URL:  www.splunk.com/view/SP-CAAAP3K
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (FreeBSD), UNIX (HP/UX), UNIX (macOS/OS X), UNIX (Solaris - SunOS), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  https://www.splunk.com/view/SP-CAAAP3K

 
 



Copyright 2020, SecurityGlobal.net LLC