Skip to main content

Splunk Releases Patch for Vulnerabilities

Splunk is an American multinational corporation that produces software for searching, monitoring, and analysing machine generated big-data.
Threat ID:
CC-1302
Category:
Exploit
Threat Severity:
Medium
Threat Vector:
Published:
4 April 2017 12:00 AM
Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

Splunk is an American multinational corporation that produces software for searching, monitoring, and analysing machine generated big-data.

Threat details

A number of versions of Splunk are affected by a persistent Cross Site Scripting (XSS) vulnerability in Splunk Web (SPL-134841) and an information leakage via a JavaScript vulnerability (CVE-2017-5607).

The information leakage vulnerability can be exploited remotely if an authenticated user visits a malicious website hosting the JavaScript.

Remediation steps

Type Step
  • Check the version of Splunk that you are running by clicking on ‘Help’ > ‘About’ > ‘Splunk Version’.
  • If the version of Splunk that is running is vulnerable, make sure that patches are applied in a timely manner.
  • Splunk recommends that to get the 6.2.13.1 patch, open a case with Splunk Customer Support.
  • Never open attachments or links in emails from untrusted sources.
  • Make sure that a Defence in Depth approach is taken to minimise the likelihood of a successful exploit taking place.
  • Make sure that Splunk is only accessible internally.

CVE Vulnerabilities

Status

CVE-2017-5607

Last edited: 17 February 2020 11:39 am