CVE-2011-4644

Name of the Vulnerable Software and Affected Versions Splunk versions 4.2.5 and earlier

Description The issue allows remote attackers to read arbitrary files or execute management commands. This is possible when a Free license is selected, enabling potentially undesirable functionality within an environment that intentionally does not support authentication. Attackers can leverage the ability to create crafted data sources via a management-console session or send an HTTP request to execute management commands.

Recommendations For Splunk versions 4.2.5 and earlier, consider disabling the ability to create crafted data sources and restrict access to management-console sessions to minimize the risk of exploitation. Additionally, limit the execution of management commands via HTTP requests until a fix is available.