CVE-2021-31559
Description
A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.198
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-31559 are fixed in Splunk Enterprise 8 8.1.5 | Windows |
| Vulnerabilities CVE-2021-31559 are fixed in Splunk Enterprise 8 (8.2.1) | Windows |
| Vulnerabilities CVE-2021-31559 are fixed in Splunk Enterprise 8 (x64) (8.2.1) | Windows |
| Vulnerabilities CVE-2021-31559 are fixed in Splunk Enterprise 8 (x64) (8.2.10) | Windows |
| Vulnerabilities CVE-2021-31559 are fixed in Splunk Enterprise 8 (x64) (8.2.11) | Windows |
| Vulnerabilities CVE-2021-31559 are fixed in Splunk Enterprise 8 (x64) (8.2.12) | Windows |
| Vulnerabilities CVE-2021-31559 are fixed in Splunk Enterprise 8 (x64) 8.1.5 | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-325532 | Splunk Enterprise 8 (8.2.7) |
| PATCH-325532 | Splunk Enterprise 8 (8.2.7) |
| PATCH-332589 | Splunk Enterprise 8 (x64) (8.2.12) |
| PATCH-332589 | Splunk Enterprise 8 (x64) (8.2.12) |
| PATCH-332589 | Splunk Enterprise 8 (x64) (8.2.12) |
| PATCH-332589 | Splunk Enterprise 8 (x64) (8.2.12) |
| PATCH-332589 | Splunk Enterprise 8 (x64) (8.2.12) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234