Information Disclosure Vulnerability in Splunk Enterprise and Splunk Light

Information Disclosure Vulnerability in Splunk Enterprise and Splunk Light

CVE-2017-5607 · LOW Severity

AV:N/AC:M/AU:S/C:P/I:N/A:N

Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 assigns the $C JS property to the global Window namespace, which might allow remote attackers to obtain sensitive logged-in username and version-related information via a crafted webpage.

Learn more about our Web App Pen Testing.