漏洞类别:CGI
漏洞等级: 
漏洞信息
Splunk is a log monitoring and reporting tool with search capabilities. Splunk Enterprise and Splunk Light are exposed to following vulnerabilities:
Persistent Cross Site Scripting vulnerability in Splunk Web allows authenticated attackers to inject and store (SPL-134841)
Information Leakage via JavaScript (CVE-2017-5607)
Affected Software:
Splunk Enterprise 6.5.x before 6.5.3
Splunk Enterprise 6.4.x before 6.4.6
Splunk Enterprise 6.3.x before 6.3.10
Splunk Enterprise 6.2.x before 6.2.14
Splunk Enterprise 6.1.x before 6.1.13
Splunk Enterprise 6.0.x before 6.0.14
Splunk Enterprise 5.0.x before 5.0.18
Splunk Light before 6.5.2
漏洞危害
Successful exploitation of the vulnerability may allow an attacker to leak information or cause XSS attacks.
解决方案
Vendor has released updated versions to fix these vulnerabilities. Please refer SP-CAAAPZ3 for more details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论