CVE-2021-31559: S2S TcpToken authentication bypass
First published: Fri May 06 2022(Updated: )
A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders.
Credit: prodsec@splunk.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Splunk | >=8.1.0<8.1.5 | |
| Splunk | =8.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-31559?
CVE-2021-31559 has been classified as a high severity vulnerability.
How do I fix CVE-2021-31559?
To fix CVE-2021-31559, upgrade Splunk Enterprise to version 8.1.5 or 8.2.1 or later.
Which Splunk Enterprise versions are affected by CVE-2021-31559?
CVE-2021-31559 affects Splunk Enterprise versions before 8.1.5 and 8.2 before 8.2.1.
What impact does CVE-2021-31559 have on Splunk Indexers?
CVE-2021-31559 allows arbitrary events to be written to an index when S2S TCP Token authentication is bypassed.
Are Universal Forwarders impacted by CVE-2021-31559?
No, Universal Forwarders are not impacted by CVE-2021-31559.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/title
- agent/author
- agent/last-modified-date
- agent/references
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/splunk
- canonical/splunk
- version/splunk/8.1.0
- version/splunk/8.2.0