CVE-2011-4642

medium Splunk
CVSS v3 Base Score: 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P)
EPSS Score: 18.7% (exploitation probability in 30 days; top 5% most likely to be exploited)
Attack Characteristics
Attack Vector: Network
Attack Complexity: High
Confidentiality: P
Integrity: P
Availability: P
Published: January 3, 2012 (5245 days ago)
Last Modified: April 29, 2026
Vendor: Splunk
Source: NVD

Description

mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to the search application, as demonstrated by a cross-site request forgery (CSRF) attack, aka SPL-45172.

CWE

CWE-352

Affected Products

splunk splunk

References