Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2017-17067

Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks.

  • Published: Nov 30, 2017
  • Updated: Apr 13, 2023
  • CVE: CVE-2017-17067
  • Severity: Critical
  • Exploit:

CVSS v3:

  • Severity: Critical
  • Score: 9.8
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 10
  • AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

Software From Fixed in
splunk / splunk 6.3.0 6.3.12
splunk / splunk 6.4.0 6.4.9
splunk / splunk 6.5.0 6.5.6
splunk / splunk 6.6.0 6.6.3.2
splunk / splunk 7.0.0 7.0.0.1