SAML Authentication Bypass and Impersonation Vulnerability in Splunk Web
CVE-2017-17067 · HIGH Severity
CVSS v2 vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks.
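A defender's exposure check built from the advisory text above, as an added example that is not Splunk's code: it compares a version string against the fixed releases listed and looks for `authType = SAML` in the `[authentication]` stanza of `authentication.conf` text. The function names and the sample configuration are constructed for illustration.

```python
import re

# First fixed release for each affected branch, as listed in the advisory.
FIXED_RELEASES = {
    (7, 0): (7, 0, 0, 1),
    (6, 6): (6, 6, 3, 2),
    (6, 5): (6, 5, 6, 0),
    (6, 4): (6, 4, 9, 0),
    (6, 3): (6, 3, 12, 0),
}

def parse_version(text):
    """Turn '6.6.3.1' into (6, 6, 3, 1), padded to four components."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def version_status(version):
    """Return 'affected', 'fixed' or 'not-listed' for a version string."""
    parsed = parse_version(version)
    fixed = FIXED_RELEASES.get(parsed[:2])
    if fixed is None:
        return "not-listed"  # the advisory says nothing about this branch
    return "affected" if parsed < fixed else "fixed"

def saml_enabled(conf_text):
    """True if the [authentication] stanza sets authType to SAML."""
    stanza = None
    auth_type = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            stanza = line[1:-1].strip()
        elif stanza == "authentication" and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            if key == "authType":
                auth_type = value  # last assignment wins
    return auth_type is not None and auth_type.lower() == "saml"

def exposed(version, conf_text):
    """Both advisory conditions hold: affected release and SAML authType."""
    return version_status(version) == "affected" and saml_enabled(conf_text)

# Constructed sample input, not taken from a real deployment.
SAMPLE_CONF = "[authentication]\nauthType = SAML\n"
```

Splunk configuration is layered across several files, so pass `saml_enabled` the merged view (for example the output of `splunk btool authentication list`) rather than a single file.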