Splunk Enterprise 6.3.x < 6.3.12 / 6.4.x < 6.4.9 / 6.5.x < 6.5.6 / 6.6 < 6.6.3.2 or 6.6.4 / 7.0.x < 7.0.0.1 Multiple SAML Implementation Vulnerabilities

critical Nessus Plugin ID 104850

Synopsis

An application running on the remote web server is affected by multiple SAML implementation vulnerabilities.

Description

According to its self-reported version number, the version of Splunk running on the remote web server is 6.3.x prior to 6.3.12, 6.4.x prior to 6.4.9, 6.5.x prior to 6.5.6, 6.6.x prior to 6.6.3.2 or 6.6.4, or 7.0.x prior to 7.0.0.1. It is, therefore, affected by multiple SAML implementation vulnerabilities.

Note that this only affects Splunk Enterprise components running Splunk Web with SAML authentication enabled.

Solution

Upgrade to Splunk Enterprise version 6.3.12 / 6.4.9 / 6.5.6 / 6.6.3.2 / 6.6.4 / 7.0.0.1 or later.

See Also

https://www.splunk.com/view/SP-CAAAP3K

Plugin Details

Severity: Critical

ID: 104850

File Name: splunk_7001.nasl

Version: 1.6

Type: remote

Family: CGI abuses

Published: 11/29/2017

Updated: 1/26/2022

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:splunk:splunk

Required KB Items: installed_sw/Splunk, Settings/ParanoidReport

Exploit Ease: No exploit is required

Patch Publication Date: 11/14/2017

Vulnerability Publication Date: 11/14/2017

Reference Information

CVE: CVE-2017-17067

IAVB: 2017-B-0163-S