PT-2022-10035 · Splunk · Splunk Enterprise Indexer
Chris Samley
·
Published
2022-05-06
·
Updated
2022-10-25
·
CVE-2021-31559
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Splunk Enterprise Indexer versions 8.1 through 8.1.4
Splunk Enterprise Indexer versions 8.2 through 8.2.0
Description
A crafted request can bypass S2S TCP Token authentication, allowing arbitrary events to be written to an index. This issue impacts Indexers configured to use TCPTokens, but it does not affect Universal Forwarders.
Recommendations
For versions 8.1 through 8.1.4, update to version 8.1.5 or later.
For versions 8.2 through 8.2.0, update to version 8.2.1 or later.
Fix
Authentication Bypass Using an Alternate Path or Channel
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Splunk Enterprise Indexer