Lucene search
HistoryOct 03, 2022 - 4:20 p.m.
CVE-2014-5197
cve-2014-5197
directory traversal
splunk enterprise
remote authenticated users
arbitrary files
nvd
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.4 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
51.5%
Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a … (dot dot) in a URI, related to search ids.
Affected configurations
Node
splunksplunkMatch6.1enterprise
ORsplunksplunkMatch6.1.1enterprise
ORsplunksplunkMatch6.1.2enterprise
| CPE | Name | Operator | Version |
|---|---|---|---|
| splunk:splunk | splunk | eq | 6.1 |
| splunk:splunk | splunk | eq | 6.1.1 |
| splunk:splunk | splunk | eq | 6.1.2 |
Related
cvelist
cvelist
CVE-2014-5197
2022-10-03 16:20:43
prion
prion
Directory traversal
2014-08-12 20:55:00
nvd
nvd
CVE-2014-5197
2014-08-12 20:55:03
nessus
nessus
Splunk Enterprise 6.1.x < 6.1.3 Multiple Vulnerabilities
2014-08-18 00:00:00
kaspersky
kaspersky
KLA10340 Multiple vulnerabilities in Splunk
2014-08-12 00:00:00
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.4 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
51.5%
Related for CVE-2014-5197