Filtered by vendor Splunk
Subscriptions
Total
211 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-29945 | 1 Splunk | 1 Splunk | 2024-12-10 | 7.2 High |
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure happens when either Splunk Enterprise runs in debug mode or the JsonWebToken component has been configured to log its activity at the DEBUG logging level. | ||||
CVE-2024-23677 | 1 Splunk | 2 Cloud, Splunk | 2024-12-10 | 4.3 Medium |
In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file. | ||||
CVE-2024-36984 | 1 Splunk | 1 Enterprise Security | 2024-12-10 | 8.8 High |
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially crafted query that they could then use to serialize untrusted data. The attacker could use the query to execute arbitrary code. | ||||
CVE-2024-45740 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-12-10 | 5.4 Medium |
In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript code in the browser of a user. | ||||
CVE-2023-22931 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-12-10 | 4.3 Medium |
In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default. | ||||
CVE-2023-40598 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-12-10 | 8.5 High |
In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform Instance. | ||||
CVE-2023-32717 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-12-10 | 4.3 Medium |
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job. | ||||
CVE-2024-45738 | 1 Splunk | 1 Splunk | 2024-12-10 | 4.9 Medium |
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG logging level. | ||||
CVE-2023-32707 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-12-10 | 8.8 High |
In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests. | ||||
CVE-2023-32711 | 1 Splunk | 1 Splunk | 2024-12-10 | 5.4 Medium |
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a stored cross-site scripting (XSS) payload. | ||||
CVE-2024-45734 | 1 Splunk | 2 Splunk, Splunk Enterprise | 2024-12-10 | 4.3 Medium |
In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboards. The images on the machine could be exposed by exporting the dashboard as a PDF, using the local image path in the img tag in the source extensible markup language (XML) code for the Splunk classic dashboard. | ||||
CVE-2023-46213 | 1 Splunk | 3 Cloud, Splunk, Splunk Cloud Platform | 2024-12-10 | 4.8 Medium |
In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser. | ||||
CVE-2023-32714 | 1 Splunk | 2 Splunk, Splunk App For Lookup File Editing | 2024-12-10 | 8.1 High |
In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and write to restricted areas of the Splunk installation directory. | ||||
CVE-2023-22932 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-12-10 | 8 High |
In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0. | ||||
CVE-2023-46214 | 1 Splunk | 3 Cloud, Splunk, Splunk Enterprise | 2024-12-10 | 8 High |
In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance. | ||||
CVE-2024-22164 | 1 Splunk | 1 Enterprise Security | 2024-12-10 | 4.3 Medium |
In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible. | ||||
CVE-2023-22937 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-12-10 | 4.3 Medium |
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl. | ||||
CVE-2024-23676 | 1 Splunk | 2 Cloud, Splunk | 2024-12-10 | 4.6 Medium |
In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit. | ||||
CVE-2023-40593 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-12-10 | 6.3 Medium |
In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon. | ||||
CVE-2024-45731 | 2 Microsoft, Splunk | 3 Windows, Splunk, Splunk Enterprise | 2024-12-10 | 8 High |
In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for Windows is installed on a separate drive. |