===========================================================================
                   AUSCERT Security Bulletin ASB-2017.0135
      Multiple vulnerabilities have been identified in Splunk Enterprise
                             and Splunk Light
                              29 August 2017
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Splunk Enterprise
                   Splunk Light
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Cross-site Scripting -- Remote with User Interaction
Resolution:        Patch/Upgrade

Member content until: Thursday, September 28 2017

OVERVIEW

Multiple vulnerabilities have been identified in Splunk Enterprise and
Splunk Light prior to version 6.6.3. [1]

IMPACT

Splunk has provided the following details regarding the vulnerabilities:

"Persistent Cross Site Scripting in Splunk Web (SPL-142874)

Description: Splunk Enterprise versions 6.6.x earlier than 6.6.3 and Splunk
Light versions 6.6.x earlier than 6.6.3 are affected by a vulnerability that
allows an authenticated attacker to inject and store arbitrary JavaScript.

CVSS Severity (version 2.0):
CVSS Base Score              8.2
CVSS Impact Subscore         9.5
CVSS Exploitability Subscore 6.8
Overall CVSS Score           6.8

Reflected Cross Site Scripting in Splunk Web (SPL-142877)

Description: Splunk Enterprise versions 6.6.x earlier than 6.6.3 and Splunk
Light versions 6.6.x earlier than 6.6.3 are affected by a vulnerability that
could permit an unauthenticated attacker to execute JavaScript with the help
of a social engineering attack.

CVSS Severity (version 2.0):
CVSS Base Score              8.2
CVSS Impact Subscore         9.5
CVSS Exploitability Subscore 6.8
Overall CVSS Score           6.8". [1]

MITIGATION

Splunk recommends upgrading to the latest versions to address these
vulnerabilities. [1]
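As an added illustration (not part of the AusCERT bulletin or Splunk's advisory), the following Python check applies the affected-version criterion quoted above, Splunk Enterprise and Splunk Light 6.6.x earlier than 6.6.3, to a small constructed host inventory; the hostnames and the forwarder product name in that inventory are assumptions, not values from the bulletin.

```python
import re

# Affected range as stated in the advisory text: Splunk Enterprise and
# Splunk Light 6.6.x earlier than 6.6.3 (fixed in 6.6.3).
AFFECTED_PRODUCTS = {"Splunk Enterprise", "Splunk Light"}
FIXED_VERSION = (6, 6, 3)


def parse_version(text):
    """Turn '6.6.2', '6.6' or '6.6.3.1' into a tuple of ints.

    Trailing build metadata such as '6.6.2-abc123' is ignored; a string
    that does not start with a dotted number raises ValueError rather
    than being silently treated as unaffected."""
    m = re.match(r"^\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError("unrecognised version string: %r" % text)
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # pad '6.6' -> (6, 6, 0)


def is_affected(product, version):
    """True if product/version falls inside the range the advisory names."""
    if product not in AFFECTED_PRODUCTS:
        return False
    v = parse_version(version)
    # Only the 6.6 branch is named; 6.6.3 and later (e.g. 6.6.3.1) are fixed.
    return v[:2] == (6, 6) and v < FIXED_VERSION


# Constructed sample inventory (hypothetical hosts, not from the advisory).
INVENTORY = [
    ("search01", "Splunk Enterprise", "6.6.2"),
    ("search02", "Splunk Enterprise", "6.6.3"),
    ("light01", "Splunk Light", "6.6.0"),
    ("fwd01", "Splunk Universal Forwarder", "6.6.1"),  # assumed product name
    ("old01", "Splunk Enterprise", "6.5.3"),
]


def hosts_needing_upgrade(inventory=INVENTORY):
    """Return the hostnames whose product/version match the advisory."""
    return [host for host, product, ver in inventory if is_affected(product, ver)]


if __name__ == "__main__":
    for host in hosts_needing_upgrade():
        print(host, "needs upgrade to Splunk 6.6.3 or later")
```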
REFERENCES

[1] Splunk Enterprise 6.6.3 and Splunk Light 6.6.3 address multiple
    vulnerabilities
    https://www.splunk.com/view/SP-CAAAP3H

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security
bulletin is the responsibility of each user or organisation, and should be
considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may arise
from following or acting on information or advice contained in this security
bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST). On call after hours for member
                emergencies only.
===========================================================================