CVE-2016-4859

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions 5.0.x prior to 5.0.16 Splunk Enterprise versions 6.0.x prior to 6.0.12 Splunk Enterprise versions 6.1.x prior to 6.1.11 Splunk Enterprise versions 6.2.x prior to 6.2.10 Splunk Enterprise versions 6.3.x prior to 6.3.6 Splunk Enterprise versions 6.4.x prior to 6.4.3 Splunk Light versions prior to 6.4.3

Description The issue allows attackers to redirect users to arbitrary web sites, potentially leading to phishing attacks. The exact vectors used for the attack are not specified.

Recommendations For Splunk Enterprise version 5.0.x, update to version 5.0.16 or later. For Splunk Enterprise version 6.0.x, update to version 6.0.12 or later. For Splunk Enterprise version 6.1.x, update to version 6.1.11 or later. For Splunk Enterprise version 6.2.x, update to version 6.2.10 or later. For Splunk Enterprise version 6.3.x, update to version 6.3.6 or later. For Splunk Enterprise version 6.4.x, update to version 6.4.3 or later. For Splunk Light, update to version 6.4.3 or later.