CVE-2021-31559 HIGH

CVE-2021-31559: S2S TcpToken authentication bypass

Vendor Splunk
Product Splunk Enterprise
Weakness CWE-288
Published May 6, 2022
Last update August 3, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders.

Key dates

02Disclosure timeline

May 6, 2022 CVE published
August 3, 2024 Record updated