CVE-2010-3323

EUVD-2010-3321
Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKD_SESSION_KEY parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
splunksplunk
4.0
splunksplunk
4.0.1
splunksplunk
4.0.2
splunksplunk
4.0.3
splunksplunk
4.0.4
splunksplunk
4.0.5
splunksplunk
4.0.6
splunksplunk
4.0.7
splunksplunk
4.0.8
splunksplunk
4.0.9
splunksplunk
4.0.10
splunksplunk
4.0.11
splunksplunk
4.1
splunksplunk
4.1.1
splunksplunk
4.1.2
splunksplunk
4.1.3
splunksplunk
4.1.4
𝑥
= Vulnerable software versions
References
http://www.splunk.com/view/SP-CAAAFQ6
http://www.splunk.com/view/SP-CAAAFQ6