漏洞类别:CGI
漏洞等级: 
漏洞信息
Splunk Enterprise captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards, and visualizations.
Splunk Enterprise is affected by multiple SAML vulnerabilities:
Affected Versions:
Splunk Enterprise versions 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2/6.6.4, 6.5.x before 6.5.6, 6.4.x before 6.4.9, 6.3.x before 6.3.12
QID Detection Logic(Remote)
It checks for vulnerable version of Splunk Enterprise.
QID Detection Logic(Authenticated)
It checks for vulnerable version of Splunk Enterprise having SAML auth enabled.
漏洞危害
Successful exploitation of these vulnerabilities can permit an unauthenticated attacker access to a SAML-enabled Splunk Web or permit an authenticated user to impersonate another user or role.
解决方案
Vendor has released updated versions to fix these vulnerabilities. Please refer SP-CAAAP3K for more details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论