admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2017/CVE-2017-170xx/CVE-2017-17067.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

142 lines
4.7 KiB
JSON
Raw Blame History

{
"id": "CVE-2017-17067",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-11-30T02:29:04.273",
"lastModified": "2019-10-03T00:03:26.223",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks."
},
{
"lang": "es",
"value": "Splunk Web en Splunk Enterprise en versiones 7.0.x anteriores a la 7.0.0.1; versiones 6.6.x anteriores a la 6.6.3.2; versiones 6.5.x anteriores a la 6.5.6; versiones 6.4.x anteriores a la 6.4.9 y versiones 6.3.x anteriores a la 6.3.12, cuando SAML authType est\u00e1 habilitado, gestiona SAML de manera incorrecta, lo que permite que atacantes remotos omitan las restricciones de acceso planeadas o lleven a cabo ataques de suplantaci\u00f3n."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "6.3.0",
"versionEndExcluding": "6.3.12",
"matchCriteriaId": "0DC2CE50-FE85-4233-8168-BE69CAE09DD7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndExcluding": "6.4.9",
"matchCriteriaId": "B170D956-8A73-4064-8E7C-B1D1491AC9F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "6.5.0",
"versionEndExcluding": "6.5.6",
"matchCriteriaId": "236F5D81-4E27-4297-8C50-1507B2C1123C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "6.6.0",
"versionEndExcluding": "6.6.3.2",
"matchCriteriaId": "66560908-CC8B-499A-843F-9C4E88945FCF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.0.1",
"matchCriteriaId": "D2D94E76-3EB1-4B9D-9AEF-C52AC68DF03B"
}
]
}
]
}
],
"references": [
{
"url": "http://www.securityfocus.com/bid/102005",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.splunk.com/view/SP-CAAAP3K",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink