CVE-2017-17067

critical

Published 2017-11-30 · Modified 2026-05-13

CVSS v3

9.8

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

10.0

VIR risk

9.8

Description

Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks.

Predictions

Exploit likelihood

97%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.splunk.com/view/SP-CAAAP3K

Application impact

Vendor	Product	Versions	Fixed
splunk	splunk	`{"startIncluding":"6.3.0","endExcluding":"6.3.12"}`	`6.3.12`

References

http://www.securityfocus.com/bid/102005
https://www.splunk.com/view/SP-CAAAP3K
http://www.securityfocus.com/bid/102005
https://www.splunk.com/view/SP-CAAAP3K

CWEs

CWE-863

Verify integrity in audit chain (admin only). AS-IS.