CVE-2016-4856: XSS
First published: Fri May 12 2017(Updated: )
Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Splunk | =6.3.0 | |
| Splunk | =6.3.0 | |
| Splunk | =6.3.1 | |
| Splunk | =6.3.1 | |
| Splunk | =6.3.2 | |
| Splunk | =6.3.2 | |
| Splunk | =6.3.3 | |
| Splunk | =6.3.3 | |
| Splunk | =6.3.4 | |
| Splunk | =6.3.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-4856?
CVE-2016-4856 is considered a high severity vulnerability due to the potential for an attacker with administrator rights to execute arbitrary web scripts or HTML.
How do I fix CVE-2016-4856?
To fix CVE-2016-4856, upgrade Splunk Enterprise and Splunk Light to version 6.3.5 or later.
What versions are affected by CVE-2016-4856?
CVE-2016-4856 affects Splunk Enterprise versions 6.3.0 to 6.3.4 and Splunk Light versions 6.3.0 to 6.3.4.
Who can exploit CVE-2016-4856?
CVE-2016-4856 can be exploited by an attacker who has administrator rights.
What type of vulnerability is CVE-2016-4856?
CVE-2016-4856 is a cross-site scripting (XSS) vulnerability.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/splunk
- canonical/splunk
- version/splunk/6.3.0
- version/splunk/6.3.1
- version/splunk/6.3.2
- version/splunk/6.3.3
- version/splunk/6.3.4