3 matches found
Splunk Enterprise 8.1.x < 8.1.7 Information Disclosure
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to return verbose login errors. Note that Nessus has not tested for this issue but has instead relied only on...
CVE-2021-33845
creationtimestamp| type| source ---|---|--- 2022-05-06 20:22:58+00:00| seen| https://t.me/cibsecurity/42121...
CVE-2021-33845
CVE-2021-33845 affects Splunk Enterprise before version 8.1.7, where the REST API can disclose usernames via the lockout error message when verbose login errors are present. Multiple connected sources (NVD, Red Hat, Nessus plugin, CVE lists) describe this information disclosure vulnerability and ...