First published: Thu Nov 30 2017
Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Splunk Splunk | >=6.3.0, <6.3.12 | |
Splunk Splunk | >=6.4.0, <6.4.9 | |
Splunk Splunk | >=6.5.0, <6.5.6 | |
Splunk Splunk | >=6.6.0, <6.6.3.2 | |
Splunk Splunk | >=7.0.0, <7.0.0.1 | |
CVE-2017-17067 has a critical severity rating of 9.8.
To fix CVE-2017-17067, upgrade Splunk Enterprise to 7.0.0.1, 6.6.3.2, 6.5.6, 6.4.9, or 6.3.12 (whichever matches your release line), or to a later version.
CVE-2017-17067 can allow remote attackers to bypass access restrictions or conduct impersonation attacks.
CVE-2017-17067 affects Splunk Enterprise versions 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12.
CVE-2017-17067 is caused by Splunk Web mishandling SAML when the SAML authType is enabled.