CVE-2010-3323

Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKD_SESSION_KEY parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
splunksplunk
4.0
splunksplunk
4.0.1
splunksplunk
4.0.2
splunksplunk
4.0.3
splunksplunk
4.0.4
splunksplunk
4.0.5
splunksplunk
4.0.6
splunksplunk
4.0.7
splunksplunk
4.0.8
splunksplunk
4.0.9
splunksplunk
4.0.10
splunksplunk
4.0.11
splunksplunk
4.1
splunksplunk
4.1.1
splunksplunk
4.1.2
splunksplunk
4.1.3
splunksplunk
4.1.4
𝑥
= Vulnerable software versions
References
http://www.splunk.com/view/SP-CAAAFQ6
http://www.splunk.com/view/SP-CAAAFQ6