CVE-2011-4644

critical Splunk
CVSS v3 Base Score
9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
5.0%
Exploitation probability in 30 days
Top 10% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: January 3, 2012 (5245 days ago)
Last Modified: April 29, 2026
Vendor: Splunk
Source: NVD

Description

Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request.

CWE

CWE-287

Affected Products

splunk splunk

References

🔗 www.exploit-db.com 🔗 www.sec-1.com 🔗 www.sec-1.com 🔗 www.exploit-db.com 🔗 www.sec-1.com