The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack to unknown vectors.
CVSS Score
8.8
EPSS Score
0.006
Published
2010-09-14
Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKD_SESSION_KEY parameter.
CVSS Score
4.6
EPSS Score
0.004
Published
2010-09-14
Page 2