Filtered by vendor Splunk
Subscriptions
Total
211 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-23675 | 1 Splunk | 2 Cloud, Splunk | 2024-11-21 | 6.5 Medium |
| In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections. | ||||
| CVE-2024-22165 | 1 Splunk | 1 Enterprise Security | 2024-11-21 | 6.5 Medium |
| In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.<br>The vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users. | ||||
| CVE-2024-22164 | 1 Splunk | 1 Enterprise Security | 2024-11-21 | 4.3 Medium |
| In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible. | ||||
| CVE-2023-4571 | 1 Splunk | 1 It Service Intelligence | 2024-11-21 | 8.6 High |
| In Splunk IT Service Intelligence (ITSI) versions below 4.13.3 or 4.15.3, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additional user interaction to succeed. The vulnerability does not directly affect Splunk ITSI. The indirect impact on Splunk ITSI can vary significantly depending on the permissions in the vulnerable terminal application, as well as where and how the user reads the malicious log file. For example, users can copy the malicious file from Splunk ITSI and read it on their local machine. | ||||
| CVE-2023-46231 | 1 Splunk | 1 Add-on Builder | 2024-11-21 | 8.8 High |
| In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on. | ||||
| CVE-2023-46230 | 1 Splunk | 1 Add-on Builder | 2024-11-21 | 8.2 High |
| In Splunk Add-on Builder versions below 4.1.4, the app writes sensitive information to internal log files. | ||||
| CVE-2023-46214 | 1 Splunk | 3 Cloud, Splunk, Splunk Enterprise | 2024-11-21 | 8 High |
| In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance. | ||||
| CVE-2023-46213 | 1 Splunk | 3 Cloud, Splunk, Splunk Cloud Platform | 2024-11-21 | 4.8 Medium |
| In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser. | ||||
| CVE-2023-40598 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | 8.5 High |
| In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform Instance. | ||||
| CVE-2023-40597 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | 7.8 High |
| In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk. | ||||
| CVE-2023-40596 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2024-11-21 | 7 High |
| In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine. | ||||
| CVE-2023-40595 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | 8.8 High |
| In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code. | ||||
| CVE-2023-40594 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | 6.5 Medium |
| In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance. | ||||
| CVE-2023-40593 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | 6.3 Medium |
| In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon. | ||||
| CVE-2023-40592 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | 8.4 High |
| In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance. | ||||
| CVE-2023-3997 | 1 Splunk | 1 Soar | 2024-11-21 | 8.6 High |
| Splunk SOAR versions 6.0.2 and earlier are indirectly affected by a potential vulnerability accessed through the user’s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user’s action. | ||||
| CVE-2023-32717 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | 4.3 Medium |
| On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job. | ||||
| CVE-2023-32716 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | 6.5 Medium |
| In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the {{dump}} SPL command to cause a denial of service by crashing the Splunk daemon. | ||||
| CVE-2023-32715 | 1 Splunk | 1 Splunk App For Lookup File Editing | 2024-11-21 | 4.7 Medium |
| In the Splunk App for Lookup File Editing versions below 4.0.1, a user can insert potentially malicious JavaScript code into the app, which causes that code to run on the user’s machine. The app itself does not contain the potentially malicious JavaScript code. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser, and requires additional user interaction to trigger. The attacker cannot exploit the vulnerability at will. | ||||
| CVE-2023-32714 | 1 Splunk | 2 Splunk, Splunk App For Lookup File Editing | 2024-11-21 | 8.1 High |
| In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and write to restricted areas of the Splunk installation directory. | ||||