Splunk response to CVE-2018-11409: Information Exposure

Advisory ID: SP-CAAAP5E

CVE ID: CVE-2018-11409

Published: 2018-06-18

Last Update: 2018-06-18

CVSSv3.1 Score: -, Low

CVSSv3.1 Vector: -

CWE: -

Bug ID: -

Information Exposure in Splunk Enterprise

Splunk has completed a review of CVE-2018-11409: Information Exposure. Splunk Enterprise exposes system information through a REST endpoint as described by the vulnerability descriptions.

Splunk Enterprise exposes partial information about the host operating system, hardware and Splunk license. Splunk Enterprise before 6.6.0 exposes this information without authentication. Splunk Enterprise 6.6.0 and later exposes this information only to authenticated Splunk users. Based on the information exposure, Splunk characterizes this issue as a low severity impact.

At the time of this announcement, Splunk is not aware of any cases where these vulnerabilities have been actively exploited. Previous Product Security Announcements can be found on our Splunk Product Security Portal. Use SPL numbers when referencing issues in communication with Splunk. If there is no Common Vulnerabilities and Exposures (CVE) identifier listed with a vulnerability, it will be added once it is assigned by a CVE Numbering Authority. To standardize the calculation of severity scores for each vulnerability, when appropriate, Splunk uses Common Vulnerability Scoring System version 2 (CVSS v2).

Affected Product Versions:

Splunk Enterprise versions 6.2.x, 6.3.x, 6.4.x and 6.5.x

Affected Components:

Search heads, heavy forwarders, universal forwarders and indexers.

CVSS Severity (version 2.0):

CVSS Base Score 5.0
CVSS Impact Subscore 2.9
CVSS Exploitability Subscore 10
Overall CVSS Score 3.6

Document History

  • 2018-06-18: Rev 1. Initial Release