The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack involving unknown vectors.
Threat-Mapped Scoring
Score: 3.0
Priority: P2 - Serious (High)
S1 – Steal Customer Account Information
EPSS
Score: 0.00568
Percentile: 0.67546
CVSS Scoring
CVSS v3.1 Score: 8.8
Severity: HIGH
Mapped CWE(s)
CWE-611: Improper Restriction of XML External Entity Reference
All CAPEC(s)
CAPEC-221: Data Serialization External Entities Blowup