S2S TCP Token Bypass Vulnerability in Splunk Enterprise Indexer 8.1 and 8.2

S2S TCP Token Bypass Vulnerability in Splunk Enterprise Indexer 8.1 and 8.2

CVE-2021-31559 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders.

Learn more about our Web Application Penetration Testing UK.