CVE-2021-31559

EPSS 0.15%
Published 06.05.2022 17:15:08
Last modified 21.11.2024 06:05:54
Source prodsec@splunk.com
Teams watchlist Login
Open Login

A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Splunk ≫ Splunk SwEditionenterprise Version >= 8.1.0 < 8.1.5

Splunk ≫ Splunk Version8.2.0 SwEditionenterprise

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.15%	0.356

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N
prodsec@splunk.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-288 Authentication Bypass Using an Alternate Path or Channel

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

https://www.splunk.com/en_us/product-security/announcements/svd-2022-0503.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-31559

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-31559

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-31559

EUVD