The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack to unknown vectors.
References
| Link | Resource |
|---|---|
| http://www.splunk.com/view/SP-CAAAFQ6 | Patch Vendor Advisory |
Configurations
History
21 Feb 2024, 21:08
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:splunk:splunk:4.0.9:*:*:*:*:*:*:* cpe:2.3:a:splunk:splunk:4.1.3:*:*:*:*:*:*:* cpe:2.3:a:splunk:splunk:4.0.3:*:*:*:*:*:*:* cpe:2.3:a:splunk:splunk:4.0.2:*:*:*:*:*:*:* cpe:2.3:a:splunk:splunk:4.1.4:*:*:*:*:*:*:* cpe:2.3:a:splunk:splunk:4.0.11:*:*:*:*:*:*:* cpe:2.3:a:splunk:splunk:4.1.2:*:*:*:*:*:*:* cpe:2.3:a:splunk:splunk:4.0.10:*:*:*:*:*:*:* cpe:2.3:a:splunk:splunk:4.0:*:*:*:*:*:*:* cpe:2.3:a:splunk:splunk:4.0.5:*:*:*:*:*:*:* cpe:2.3:a:splunk:splunk:4.1:*:*:*:*:*:*:* cpe:2.3:a:splunk:splunk:4.0.4:*:*:*:*:*:*:* cpe:2.3:a:splunk:splunk:4.0.1:*:*:*:*:*:*:* cpe:2.3:a:splunk:splunk:4.0.8:*:*:*:*:*:*:* cpe:2.3:a:splunk:splunk:4.0.7:*:*:*:*:*:*:* cpe:2.3:a:splunk:splunk:4.1.1:*:*:*:*:*:*:* |
cpe:2.3:a:splunk:splunk:*:*:*:*:*:*:*:* |
| CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 8.8 |
| CWE | CWE-611 |
Information
Published : 2010-09-14 17:00
Updated : 2024-02-21 21:08
NVD link : CVE-2010-3322
Mitre link : CVE-2010-3322
CVE.ORG link : CVE-2010-3322
JSON object : View
Products Affected
splunk
- splunk
CWE
CWE-611
Improper Restriction of XML External Entity Reference