CVE-2021-33845
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Splunk | Splunk Enterprise | Version(s) before 8.1.7 | affected |
Weaknesses
- CWE-203: CWE-203
ADP Enrichment
CVE Program Container
Additional References
- https://www.splunk.com/en_us/product-security/announcements/svd-2022-0502.html
- https://research.splunk.com/application/splunk_user_enumeration_attempt/
References
- https://www.splunk.com/en_us/product-security/announcements/svd-2022-0502.html
- https://research.splunk.com/application/splunk_user_enumeration_attempt/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.