Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Splunk | Splunk | * | 6.4.2 (including) |
Splunk | Splunk | 5.0.0 (including) | 5.0.0 (including) |
Splunk | Splunk | 5.0.1 (including) | 5.0.1 (including) |
Splunk | Splunk | 5.0.2 (including) | 5.0.2 (including) |
Splunk | Splunk | 5.0.3 (including) | 5.0.3 (including) |
Splunk | Splunk | 5.0.4 (including) | 5.0.4 (including) |
Splunk | Splunk | 5.0.5 (including) | 5.0.5 (including) |
Splunk | Splunk | 5.0.6 (including) | 5.0.6 (including) |
Splunk | Splunk | 5.0.7 (including) | 5.0.7 (including) |
Splunk | Splunk | 5.0.8 (including) | 5.0.8 (including) |
Splunk | Splunk | 5.0.9 (including) | 5.0.9 (including) |
Splunk | Splunk | 5.0.10 (including) | 5.0.10 (including) |
Splunk | Splunk | 5.0.11 (including) | 5.0.11 (including) |
Splunk | Splunk | 5.0.12 (including) | 5.0.12 (including) |
Splunk | Splunk | 5.0.13 (including) | 5.0.13 (including) |
Splunk | Splunk | 5.0.14 (including) | 5.0.14 (including) |
Splunk | Splunk | 5.0.15 (including) | 5.0.15 (including) |
Splunk | Splunk | 6.0.0 (including) | 6.0.0 (including) |
Splunk | Splunk | 6.0.1 (including) | 6.0.1 (including) |
Splunk | Splunk | 6.0.2 (including) | 6.0.2 (including) |
Splunk | Splunk | 6.0.3 (including) | 6.0.3 (including) |
Splunk | Splunk | 6.0.4 (including) | 6.0.4 (including) |
Splunk | Splunk | 6.0.5 (including) | 6.0.5 (including) |
Splunk | Splunk | 6.0.6 (including) | 6.0.6 (including) |
Splunk | Splunk | 6.0.7 (including) | 6.0.7 (including) |
Splunk | Splunk | 6.0.8 (including) | 6.0.8 (including) |
Splunk | Splunk | 6.0.9 (including) | 6.0.9 (including) |
Splunk | Splunk | 6.0.10 (including) | 6.0.10 (including) |
Splunk | Splunk | 6.0.11 (including) | 6.0.11 (including) |
Splunk | Splunk | 6.1.0 (including) | 6.1.0 (including) |
Splunk | Splunk | 6.1.1 (including) | 6.1.1 (including) |
Splunk | Splunk | 6.1.2 (including) | 6.1.2 (including) |
Splunk | Splunk | 6.1.3 (including) | 6.1.3 (including) |
Splunk | Splunk | 6.1.4 (including) | 6.1.4 (including) |
Splunk | Splunk | 6.1.5 (including) | 6.1.5 (including) |
Splunk | Splunk | 6.1.6 (including) | 6.1.6 (including) |
Splunk | Splunk | 6.1.7 (including) | 6.1.7 (including) |
Splunk | Splunk | 6.1.8 (including) | 6.1.8 (including) |
Splunk | Splunk | 6.1.9 (including) | 6.1.9 (including) |
Splunk | Splunk | 6.1.10 (including) | 6.1.10 (including) |
Splunk | Splunk | 6.2.0 (including) | 6.2.0 (including) |
Splunk | Splunk | 6.2.1 (including) | 6.2.1 (including) |
Splunk | Splunk | 6.2.2 (including) | 6.2.2 (including) |
Splunk | Splunk | 6.2.3 (including) | 6.2.3 (including) |
Splunk | Splunk | 6.2.4 (including) | 6.2.4 (including) |
Splunk | Splunk | 6.2.5 (including) | 6.2.5 (including) |
Splunk | Splunk | 6.2.6 (including) | 6.2.6 (including) |
Splunk | Splunk | 6.2.7 (including) | 6.2.7 (including) |
Splunk | Splunk | 6.2.8 (including) | 6.2.8 (including) |
Splunk | Splunk | 6.2.9 (including) | 6.2.9 (including) |
Splunk | Splunk | 6.3.0 (including) | 6.3.0 (including) |
Splunk | Splunk | 6.3.1 (including) | 6.3.1 (including) |
Splunk | Splunk | 6.3.2 (including) | 6.3.2 (including) |
Splunk | Splunk | 6.3.3 (including) | 6.3.3 (including) |
Splunk | Splunk | 6.3.4 (including) | 6.3.4 (including) |
Splunk | Splunk | 6.3.5 (including) | 6.3.5 (including) |
Splunk | Splunk | 6.4.0 (including) | 6.4.0 (including) |
Splunk | Splunk | 6.4.1 (including) | 6.4.1 (including) |