Lucene search

SplunkCVELIST:CVE-2021-31559

HistoryMay 06, 2022 - 4:35 p.m.

CVE-2021-31559 S2S TcpToken authentication bypass

2022-05-0616:35:19

CWE-288

Splunk

www.cve.org

splunk

authentication bypass

cve-2021-31559

s2s

tcp token

vulnerability

indexer

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

31.8%

JSON

A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders.

CNA Affected

[
  {
    "product": "Splunk Enterprise",
    "vendor": "Splunk",
    "versions": [
      {
        "status": "affected",
        "version": "8.2 version(s) before 8.2.1"
      },
      {
        "status": "affected",
        "version": "Version(s) before 8.1.5"
      }
    ]
  }
]

References

www.splunk.com/en_us/product-security/announcements/svd-2022-0503.html

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

31.8%

JSON

Related for CVELIST:CVE-2021-31559