CVE-2017-17067

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions 6.3.x through 6.3.11 Splunk Enterprise versions 6.4.x through 6.4.8 Splunk Enterprise versions 6.5.x through 6.5.5 Splunk Enterprise versions 6.6.x through 6.6.3.1 Splunk Enterprise versions 7.0.x through 7.0.0.0

Description The issue is related to insufficient access control in the Splunk Web interface of the Splunk Enterprise platform for operational analysis. It can be exploited by a remote attacker to bypass existing access restrictions or perform arbitrary actions on behalf of legitimate system users. When the SAML authType is enabled, the system mishandles SAML, allowing remote attackers to bypass intended access restrictions or conduct impersonation attacks.

Recommendations For versions 6.3.x through 6.3.11, update to version 6.3.12 or later. For versions 6.4.x through 6.4.8, update to version 6.4.9 or later. For versions 6.5.x through 6.5.5, update to version 6.5.6 or later. For versions 6.6.x through 6.6.3.1, update to version 6.6.3.2 or later. For versions 7.0.x through 7.0.0.0, update to version 7.0.0.1 or later.