6.8
CVE-2026-20144
- EPSS 0.06%
- Veröffentlicht 18.02.2026 16:45:23
- Zuletzt bearbeitet 23.02.2026 14:43:22
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature is configured.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Splunk ≫ Splunk Cloud Platform Version >= 9.3.2411 < 9.3.2411.120
Splunk ≫ Splunk Cloud Platform Version >= 10.0.2503 < 10.0.2503.9
Splunk ≫ Splunk Cloud Platform Version >= 10.1.2507 < 10.1.2507.11
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.191 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
| psirt@cisco.com | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.