Lucene search

SplunkCVELIST:CVE-2021-31559

HistoryMay 06, 2022 - 4:35 p.m.

CVE-2021-31559 S2S TcpToken authentication bypass

2022-05-0616:35:19

CWE-288

Splunk

www.cve.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

31.8%

JSON

A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders.

CNA Affected

[
  {
    "product": "Splunk Enterprise",
    "vendor": "Splunk",
    "versions": [
      {
        "status": "affected",
        "version": "8.2 version(s) before 8.2.1"
      },
      {
        "status": "affected",
        "version": "Version(s) before 8.1.5"
      }
    ]
  }
]

References

www.splunk.com/en_us/product-security/announcements/svd-2022-0503.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

31.8%

JSON

Related for CVELIST:CVE-2021-31559