CVE-2021-31559
HIGHSplunk Enterprise Indexer <8.1.5, <8.2.1 - Auth Bypass
Title source: llmDescription
A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0503.html
Scores
CVSS v3
7.5
EPSS
0.0020
EPSS Percentile
41.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-288
Status
published
Products (2)
splunk/splunk
8.2.0
splunk/splunk
8.1.0 - 8.1.5
Published
May 06, 2022
Tracked Since
Feb 18, 2026