CVE-2010-3322
HIGHSplunk 4.0.0-4.1.4 - Authenticated XML External Entity Injection
Title source: llmDescription
The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack to unknown vectors.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.splunk.com/view/SP-CAAAFQ6
Scores
CVSS v3
8.8
EPSS
0.0057
EPSS Percentile
68.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-611
Status
published
Products (1)
splunk/splunk
4.0 - 4.1.4
Published
Sep 14, 2010
Tracked Since
Feb 18, 2026