CVE-2017-17067

CRITICAL

Splunk Enterprise 6.3.x to 7.0.x (SAML authType enabled) - Incorrect Authorization via SAML Mishandling Allowing Authentication Bypass and Impersonation

Title source: llm

Description

Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks.
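As an added triage example (not code from this entry, from Splunk, or from the vendor advisory): given a Splunk Enterprise version string and the contents of authentication.conf, decide whether the instance sits in one of the affected ranges the description lists and has the SAML authType enabled, which is the precondition the description names. The version ranges are taken from the description above; the authentication.conf excerpts, hostnames and IdP stanza names are constructed for illustration.

```python
"""Triage helper for CVE-2017-17067.

Added example for this entry, not Splunk's code. It answers the two
questions the description raises: is the Splunk Enterprise version in
an affected range, and is the SAML authType enabled? Affected ranges
are taken from the description; the authentication.conf excerpts below
are constructed for illustration.
"""
import configparser
import re
from typing import Optional, Tuple

Version = Tuple[int, ...]

# First fixed release per minor branch, per the description:
# 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6,
# 6.4.x before 6.4.9, 6.3.x before 6.3.12.
FIXED_VERSIONS = {
    (7, 0): (7, 0, 0, 1),
    (6, 6): (6, 6, 3, 2),
    (6, 5): (6, 5, 6),
    (6, 4): (6, 4, 9),
    (6, 3): (6, 3, 12),
}


def parse_version(text: str) -> Version:
    """Turn '6.6.3.1' into (6, 6, 3, 1); reject anything that is not dotted integers."""
    m = re.fullmatch(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"not a Splunk version string: {text!r}")
    return tuple(int(part) for part in m.group(0).split("."))


def version_is_affected(version: str) -> Optional[bool]:
    """True if the version precedes the fix on its branch, False if it is at
    or past the fix, None if the branch is not covered by the advisory."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(v[:2])
    if fixed is None:
        return None
    # Tuple comparison handles mixed lengths: (7, 0, 0) < (7, 0, 0, 1).
    return v < fixed


def saml_enabled(authentication_conf: str) -> bool:
    """Read authType from the [authentication] stanza of authentication.conf.
    Splunk defaults authType to 'Splunk' when the key is absent."""
    conf = configparser.ConfigParser(interpolation=None)
    conf.read_string(authentication_conf)
    auth_type = conf.get("authentication", "authType", fallback="Splunk")
    return auth_type.strip().lower() == "saml"


def assess(version: str, authentication_conf: str) -> str:
    """Combine both checks into a single triage verdict."""
    if not saml_enabled(authentication_conf):
        return "not vulnerable: SAML authType not enabled"
    affected = version_is_affected(version)
    if affected is None:
        return "unknown: version branch not covered by the advisory"
    return "vulnerable" if affected else "not vulnerable: fixed version"


# Constructed authentication.conf excerpts (hypothetical hostname and IdP stanza names).
CONF_SAML = """\
[authentication]
authSettings = corp-idp
authType = SAML

[corp-idp]
entityId = https://splunk.example.internal/saml
"""

CONF_LDAP = """\
[authentication]
authSettings = corp-ldap
authType = LDAP
"""

if __name__ == "__main__":
    for ver, conf, label in [("6.5.5", CONF_SAML, "SAML"),
                             ("6.5.6", CONF_SAML, "SAML"),
                             ("6.5.5", CONF_LDAP, "LDAP"),
                             ("6.2.9", CONF_SAML, "SAML")]:
        print(f"Splunk {ver} ({label}): {assess(ver, conf)}")
```

The description covers five release branches; any other branch is reported as "unknown" rather than "not vulnerable", because the advisory text says nothing about it. This is a preconditions check, not a detection of exploitation: the entry gives no detail of the SAML mishandling itself, so nothing here attempts to reproduce it.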

References (2)

Core References
Third Party Advisory, VDB Entry (SecurityFocus BID 102005): http://www.securityfocus.com/bid/102005
Vendor Advisory (Splunk SP-CAAAP3K): https://www.splunk.com/view/SP-CAAAP3K

Scores

CVSS v3 9.8
EPSS 0.0334 (3.34% estimated probability of exploitation activity in the next 30 days)
EPSS Percentile 87.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-863 (Incorrect Authorization)
Status published
Products (1)
splunk/splunk 6.3.0 to 6.3.11 (fixed in 6.3.12); the description also lists 6.4.x before 6.4.9, 6.5.x before 6.5.6, 6.6.x before 6.6.3.2 and 7.0.x before 7.0.0.1 as affected
Published Nov 30, 2017
Tracked Since Feb 18, 2026