Low severity3.5NVD Advisory· Published Apr 10, 2017· Updated Jun 17, 2026
CVE-2017-5607
CVE-2017-5607
Description
Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 assigns the $C JS property to the global Window namespace, which might allow remote attackers to obtain sensitive logged-in username and version-related information via a crafted webpage.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Range: <5.0.18, <6.0.14, <6.1.13, <6.2.13.1, <6.3.10, <6.4.6, <6.5.3
- Range: <6.5.2
Patches
Vulnerability mechanics
References
8- hyp3rlinx.altervista.org/advisories/SPLUNK-ENTERPRISE-INFORMATION-THEFT.txtnvdExploitThird Party Advisory
- seclists.org/fulldisclosure/2017/Mar/89nvdExploitMailing ListThird Party Advisory
- www.securityfocus.com/archive/1/540346/100/0/threadednvdExploitThird Party AdvisoryVDB Entry
- www.exploit-db.com/exploits/41779/nvdExploitThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/97265nvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/97286nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1038170nvdThird Party AdvisoryVDB Entry
- www.splunk.com/view/SP-CAAAPZ3nvdVendor Advisory
News mentions
0No linked articles in our index yet.