VYPR
Critical severity9.8NVD Advisory· Published Nov 30, 2017· Updated Jun 17, 2026

CVE-2017-17067

CVE-2017-17067

Description

Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Splunk/Splunk2 versions
    cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*+ 1 more
    • cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*range: >=6.3.0,<6.3.12
    • (no CPE)range: <7.0.0.1, <6.6.3.2, <6.5.6, <6.4.9, <6.3.12
  • Range: <7.0.0.1, <6.6.3.2, <6.5.6, <6.4.9, <6.3.12

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.