Vulnerability-Lookup

Affected: 6.4.x prior to 6.4.3
Affected: 6.3.x prior to 6.3.6
Affected: 6.2.x prior to 6.2.10
Affected: 6.1.x prior to 6.1.11
Affected: 6.0.x prior to 6.0.12
Affected: 5.0.x prior to 5.0.16

Affected: prior to 6.4.3

Date Public ?

2016-08-22 00:00

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:46:38.464Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#64800312",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN64800312/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.splunk.com/view/SP-CAAAPQ6"
          },
          {
            "name": "92603",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92603"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk Enterprise",
          "vendor": "Splunk Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "6.4.x prior to 6.4.3"
            },
            {
              "status": "affected",
              "version": "6.3.x prior to 6.3.6"
            },
            {
              "status": "affected",
              "version": "6.2.x prior to 6.2.10"
            },
            {
              "status": "affected",
              "version": "6.1.x prior to 6.1.11"
            },
            {
              "status": "affected",
              "version": "6.0.x prior to 6.0.12"
            },
            {
              "status": "affected",
              "version": "5.0.x prior to 5.0.16"
            }
          ]
        },
        {
          "product": "Splunk Light",
          "vendor": "Splunk Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 6.4.3"
            }
          ]
        }
      ],
      "datePublic": "2016-08-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Open Redirect",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-15T09:57:01.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#64800312",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "https://jvn.jp/en/jp/JVN64800312/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.splunk.com/view/SP-CAAAPQ6"
        },
        {
          "name": "92603",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92603"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2016-4859",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Splunk Enterprise",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.4.x prior to 6.4.3"
                          },
                          {
                            "version_value": "6.3.x prior to 6.3.6"
                          },
                          {
                            "version_value": "6.2.x prior to 6.2.10"
                          },
                          {
                            "version_value": "6.1.x prior to 6.1.11"
                          },
                          {
                            "version_value": "6.0.x prior to 6.0.12"
                          },
                          {
                            "version_value": "5.0.x prior to 5.0.16"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Splunk Light",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to 6.4.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Splunk Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Open Redirect"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#64800312",
              "refsource": "JVN",
              "url": "https://jvn.jp/en/jp/JVN64800312/index.html"
            },
            {
              "name": "https://www.splunk.com/view/SP-CAAAPQ6",
              "refsource": "CONFIRM",
              "url": "https://www.splunk.com/view/SP-CAAAPQ6"
            },
            {
              "name": "92603",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92603"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2016-4859",
    "datePublished": "2017-05-12T18:00:00.000Z",
    "dateReserved": "2016-05-17T00:00:00.000Z",
    "dateUpdated": "2024-08-06T00:46:38.464Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-4857 (GCVE-0-2016-4857)

Vulnerability from cvelistv5 – Published: 2017-05-12 18:00 – Updated: 2024-08-06 00:46

Summary

Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Open Redirect

Assigner

jpcert

References

URL

Tags

	https://www.splunk.com/view/SP-CAAAPQM	x_refsource_CONFIRM
	https://jvn.jp/en/jp/JVN39926655/index.html	third-party-advisoryx_refsource_JVN

Impacted products

Vendor

Product

Version

Affected: 6.4.x prior to 6.4.2
Affected: 6.3.x prior to 6.3.6
Affected: 6.2.x prior to 6.2.11

Affected: prior to 6.4.2

Date Public ?

2016-07-28 00:00

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:46:38.451Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.splunk.com/view/SP-CAAAPQM"
          },
          {
            "name": "JVN#39926655",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN39926655/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk Enterprise",
          "vendor": "Splunk Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "6.4.x prior to 6.4.2"
            },
            {
              "status": "affected",
              "version": "6.3.x prior to 6.3.6"
            },
            {
              "status": "affected",
              "version": "6.2.x prior to 6.2.11"
            }
          ]
        },
        {
          "product": "Splunk Light",
          "vendor": "Splunk Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 6.4.2"
            }
          ]
        }
      ],
      "datePublic": "2016-07-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Open Redirect",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-12T17:57:01.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.splunk.com/view/SP-CAAAPQM"
        },
        {
          "name": "JVN#39926655",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "https://jvn.jp/en/jp/JVN39926655/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2016-4857",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Splunk Enterprise",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.4.x prior to 6.4.2"
                          },
                          {
                            "version_value": "6.3.x prior to 6.3.6"
                          },
                          {
                            "version_value": "6.2.x prior to 6.2.11"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Splunk Light",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to 6.4.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Splunk Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Open Redirect"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.splunk.com/view/SP-CAAAPQM",
              "refsource": "CONFIRM",
              "url": "https://www.splunk.com/view/SP-CAAAPQM"
            },
            {
              "name": "JVN#39926655",
              "refsource": "JVN",
              "url": "https://jvn.jp/en/jp/JVN39926655/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2016-4857",
    "datePublished": "2017-05-12T18:00:00.000Z",
    "dateReserved": "2016-05-17T00:00:00.000Z",
    "dateUpdated": "2024-08-06T00:46:38.451Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-4856 (GCVE-0-2016-4856)

Vulnerability from cvelistv5 – Published: 2017-05-12 18:00 – Updated: 2024-08-06 00:46

Summary

Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Cross-site scripting

Assigner

jpcert

References

URL

Tags

	https://www.splunk.com/view/SP-CAAAPN9	x_refsource_CONFIRM
	https://jvn.jp/en/jp/JVN71462075/index.html	third-party-advisoryx_refsource_JVN
	http://www.securityfocus.com/bid/92990	vdb-entryx_refsource_BID

Impacted products

Vendor

Product

Version

Affected: 6.3.x prior to 6.3.5

Affected: 6.3.x prior to 6.3.5

Date Public ?

2016-06-06 00:00

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:46:38.427Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.splunk.com/view/SP-CAAAPN9"
          },
          {
            "name": "JVN#71462075",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN71462075/index.html"
          },
          {
            "name": "92990",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92990"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk Enterprise",
          "vendor": "Splunk Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "6.3.x prior to 6.3.5"
            }
          ]
        },
        {
          "product": "Splunk Light",
          "vendor": "Splunk Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "6.3.x prior to 6.3.5"
            }
          ]
        }
      ],
      "datePublic": "2016-06-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-15T09:57:01.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.splunk.com/view/SP-CAAAPN9"
        },
        {
          "name": "JVN#71462075",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "https://jvn.jp/en/jp/JVN71462075/index.html"
        },
        {
          "name": "92990",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92990"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2016-4856",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Splunk Enterprise",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.3.x prior to 6.3.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Splunk Light",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.3.x prior to 6.3.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Splunk Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.splunk.com/view/SP-CAAAPN9",
              "refsource": "CONFIRM",
              "url": "https://www.splunk.com/view/SP-CAAAPN9"
            },
            {
              "name": "JVN#71462075",
              "refsource": "JVN",
              "url": "https://jvn.jp/en/jp/JVN71462075/index.html"
            },
            {
              "name": "92990",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92990"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2016-4856",
    "datePublished": "2017-05-12T18:00:00.000Z",
    "dateReserved": "2016-05-17T00:00:00.000Z",
    "dateUpdated": "2024-08-06T00:46:38.427Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-4858 (GCVE-0-2016-4858)

Vulnerability from cvelistv5 – Published: 2017-05-12 18:00 – Updated: 2024-08-06 00:46

Summary

Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Cross-site scripting

Assigner

jpcert

References

URL

Tags

	https://www.splunk.com/view/SP-CAAAPN9	x_refsource_CONFIRM
	https://jvn.jp/en/jp/JVN71462075/index.html	third-party-advisoryx_refsource_JVN

Impacted products

Vendor

Product

Version

Affected: 6.4.x prior to 6.4.2
Affected: 6.3.x prior to 6.3.6
Affected: 6.2.x prior to 6.2.10
Affected: 6.1.x prior to 6.1.11
Affected: 6.0.x prior to 6.0.12
Affected: 5.0.x prior to 5.0.16

Affected: prior to 6.4.2

Date Public ?

2016-06-06 00:00

Show details on NVD website