Preface: Splunk is powerful, it can extract cookie of web connections. If client connection still alive, hacker can hijack and get the connection.
Vulnerability details: A vulnerability in Splunk Python SDK could allow an unauthenticated, remote attacker to bypass security restrictions on a targeted system. An attacker could exploit this vulnerability by executing a man-in-the-middle attack to bypass access restrictions on the system.
Design weakness: Due to improper verification of untrusted TLS server certificates
Remedy: Splunk has released software updates (refer url) – https://github.com/splunk/splunk-sdk-python/releases