CVE-2016-4859

medium Splunk
CVSS v3 Base Score
6.1
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.2%
Exploitation probability in 30 days
Top 54% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Confidentiality
Low
Integrity
Low
Availability
None
Published: May 12, 2017 (3289 days ago)
Last Modified: May 13, 2026
Vendor: Splunk
Source: NVD

Description

Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CWE

CWE-601

Affected Products

splunk splunk

References

🔗 www.securityfocus.com 🔗 jvn.jp 🔗 www.splunk.com 🔗 www.securityfocus.com 🔗 jvn.jp