Vulnerabilites related to splunk - splunk_cloud_platform
CVE-2023-22935 (GCVE-0-2023-22935)
Vulnerability from cvelistv5
Published
2023-02-14 17:22
Modified
2025-03-20 13:55
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 8.1 < 8.1.13 Version: 8.2 < 8.2.10 Version: 9.0 < 9.0.4 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.442Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0205", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-22935", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-20T13:55:26.103677Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-20T13:55:35.952Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.13", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.10", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.4", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2209.3", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Anton (therceman)", }, ], datePublic: "2023-02-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.", }, ], value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.", }, ], metrics: [ { cvssV3_1: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:50.592Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0205", }, { url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd", }, ], source: { advisory: "SVD-2023-0205", }, title: "SPL Command Safeguards Bypass via the ‘display.page.search.patterns.sensitivity’ Search Parameter in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-22935", datePublished: "2023-02-14T17:22:36.093Z", dateReserved: "2023-01-10T21:39:55.583Z", dateUpdated: "2025-03-20T13:55:35.952Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-43562 (GCVE-0-2022-43562)
Vulnerability from cvelistv5
Published
2022-11-04 22:19
Modified
2024-08-03 13:32
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 8.1 < 8.1.12 Version: 8.2 < 8.2.9 Version: 9.0 < 9.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:32:59.735Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1102.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.12", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.9", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.2", status: "affected", version: "9.0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Ali Mirheidari at Splunk", }, ], datePublic: "2022-11-02T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning.</span><br>", }, ], value: "In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning.\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-04T22:19:11.815Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1102.html", }, ], source: { advisory: "SVD-2022-1102", discovery: "INTERNAL", }, title: "Host Header Injection in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2022-43562", datePublished: "2022-11-04T22:19:11.815Z", dateReserved: "2022-10-20T18:37:09.181Z", dateUpdated: "2024-08-03T13:32:59.735Z", requesterUserId: "d03a2723-f9e2-46d2-8173-16ee7d33f715", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-32151 (GCVE-0-2022-32151)
Vulnerability from cvelistv5
Published
2022-06-15 16:46
Modified
2024-09-16 17:59
Severity ?
EPSS score ?
Summary
The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries now verify server certificates by default and use the appropriate CA certificate stores for each library. Apps and add-ons that include their own HTTP libraries are not affected. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html | x_refsource_CONFIRM | |
| https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation | x_refsource_CONFIRM | |
| https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates | x_refsource_CONFIRM | |
| https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_simplerequest/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk, Inc | Splunk Enterprise |
Version: 9.0 < 9.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:32:56.016Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_simplerequest/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk, Inc", versions: [ { lessThan: "9.0", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk, Inc", versions: [ { lessThan: "8.2.2203", status: "affected", version: "8.2", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Chris Green at Splunk", }, ], datePublic: "2022-06-14T00:00:00", descriptions: [ { lang: "en", value: "The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries now verify server certificates by default and use the appropriate CA certificate stores for each library. Apps and add-ons that include their own HTTP libraries are not affected. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-295", description: "CWE-295 Improper Certificate Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-06-15T16:46:07", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_simplerequest/", }, ], source: { advisory: "SVD-2022-0601", discovery: "INTERNAL", }, title: "Splunk Enterprise disabled TLS validation using the CA certificate stores in Python 3 libraries by default", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "prodsec@splunk.com", DATE_PUBLIC: "2022-06-14T11:55:00.000Z", ID: "CVE-2022-32151", STATE: "PUBLIC", TITLE: "Splunk Enterprise disabled TLS validation using the CA certificate stores in Python 3 libraries by default", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Splunk Enterprise", version: { version_data: [ { version_affected: "<", version_name: "9.0", version_value: "9.0", }, ], }, }, { product_name: "Splunk Cloud Platform", version: { version_data: [ { version_affected: "<", version_name: "8.2", version_value: "8.2.2203", }, ], }, }, ], }, vendor_name: "Splunk, Inc", }, ], }, }, credit: [ { lang: "eng", value: "Chris Green at Splunk", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries now verify server certificates by default and use the appropriate CA certificate stores for each library. Apps and add-ons that include their own HTTP libraries are not affected. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-295 Improper Certificate Validation", }, ], }, ], }, references: { reference_data: [ { name: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html", refsource: "CONFIRM", url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html", }, { name: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation", refsource: "CONFIRM", url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation", }, { name: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", refsource: "CONFIRM", url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", }, { name: "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_simplerequest/", refsource: "CONFIRM", url: "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_simplerequest/", }, ], }, source: { advisory: "SVD-2022-0601", discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2022-32151", datePublished: "2022-06-15T16:46:07.016591Z", dateReserved: "2022-05-31T00:00:00", dateUpdated: "2024-09-16T17:59:24.447Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-22931 (GCVE-0-2023-22931)
Vulnerability from cvelistv5
Published
2023-02-14 17:22
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 8.1 < 8.1.13 Version: 8.2 < 8.2.10 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.394Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0201", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.13", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.10", status: "affected", version: "8.2", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "8.2.2203", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "James Ervin, Splunk", }, ], datePublic: "2023-02-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default.", }, ], value: "In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default.", }, ], metrics: [ { cvssV3_1: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:46.340Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0201", }, { url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/", }, ], source: { advisory: "SVD-2023-0201", }, title: "‘createrss’ External Search Command Overwrites Existing RSS Feeds in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-22931", datePublished: "2023-02-14T17:22:36.712Z", dateReserved: "2023-01-10T21:39:55.583Z", dateUpdated: "2025-02-28T11:03:46.340Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-43570 (GCVE-0-2022-43570)
Vulnerability from cvelistv5
Published
2022-11-04 22:22
Modified
2024-08-03 13:32
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 8.1 < 8.1.12 Version: 8.2 < 8.2.9 Version: 9.0 < 9.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:32:59.580Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1110.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.12", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.9", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.2", status: "affected", version: "9.0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Danylo Dmytriiev (DDV_UA)", }, ], datePublic: "2022-11-02T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error.</span><br>", }, ], value: "In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error.\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-611", description: "CWE-611 Improper Restriction of XML External Entity Reference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-04T22:22:50.526Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1110.html", }, ], source: { advisory: "SVD-2022-1110", discovery: "EXTERNAL", }, title: "XML External Entity Injection through a custom View in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2022-43570", datePublished: "2022-11-04T22:22:50.526Z", dateReserved: "2022-10-20T18:37:09.182Z", dateUpdated: "2024-08-03T13:32:59.580Z", requesterUserId: "d03a2723-f9e2-46d2-8173-16ee7d33f715", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-32710 (GCVE-0-2023-32710)
Vulnerability from cvelistv5
Published
2023-06-01 16:34
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 8.1 < 8.1.14 Version: 8.2 < 8.2.11 Version: 9.0 < 9.0.5 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:36.729Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0609", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.14", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.11", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.5", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2303.100", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Anton (therceman)", }, ], datePublic: "2023-06-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run.", }, ], value: "In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run.", }, ], metrics: [ { cvssV3_1: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:51.327Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0609", }, ], source: { advisory: "SVD-2023-0609", }, title: "Information Disclosure via the ‘copyresults’ SPL Command", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-32710", datePublished: "2023-06-01T16:34:28.796Z", dateReserved: "2023-05-11T20:55:59.871Z", dateUpdated: "2025-02-28T11:03:51.327Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-32716 (GCVE-0-2023-32716)
Vulnerability from cvelistv5
Published
2023-06-01 16:34
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the {{dump}} SPL command to cause a denial of service by crashing the Splunk daemon.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 8.1 < 8.1.14 Version: 8.2 < 8.2.11 Version: 9.0 < 9.0.5 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:36.564Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0611", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/fb0e6823-365f-48ed-b09e-272ac4c1dad6/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-32716", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-08T21:02:39.459959Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-08T21:02:52.897Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.14", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.11", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.5", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2303.100", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Danylo Dmytriiev (DDV_UA)", }, ], datePublic: "2023-06-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the {{dump}} SPL command to cause a denial of service by crashing the Splunk daemon.", }, ], value: "In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the {{dump}} SPL command to cause a denial of service by crashing the Splunk daemon.", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-754", description: "The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:45.371Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0611", }, { url: "https://research.splunk.com/application/fb0e6823-365f-48ed-b09e-272ac4c1dad6/", }, ], source: { advisory: "SVD-2023-0611", }, title: "Denial of Service via the 'dump' SPL command", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-32716", datePublished: "2023-06-01T16:34:29.168Z", dateReserved: "2023-05-11T20:55:59.872Z", dateUpdated: "2025-02-28T11:03:45.371Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-45741 (GCVE-0-2024-45741)
Vulnerability from cvelistv5
Published
2024-10-14 17:03
Modified
2025-02-28 11:04
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" parameter from the "/manager/search/apps/local" endpoint in Splunk Web calls. This could result in execution of unauthorized JavaScript code in the browser of a user.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 9.2 < 9.2.3 Version: 9.1 < 9.1.6 |
||||||
|
|||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:splunk:splunk_enterprise:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "splunk_enterprise", vendor: "splunk", versions: [ { lessThan: "9.2.3", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.6", status: "affected", version: "9.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "splunk_cloud_platform", vendor: "splunk", versions: [ { lessThan: "9.2.2403.108", status: "affected", version: "9.2.2403", versionType: "custom", }, { lessThan: "9.1.2312.205", status: "affected", version: "9.1.2312", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45741", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T17:29:56.360207Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-15T17:31:19.677Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.2.3", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.6", status: "affected", version: "9.1", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.2.2403.108", status: "affected", version: "9.2.2403", versionType: "custom", }, { lessThan: "9.1.2312.205", status: "affected", version: "9.1.2312", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Danylo Dmytriiev (DDV_UA)", }, ], datePublic: "2024-10-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could create a malicious payload through a custom configuration file that the \"api.uri\" parameter from the \"/manager/search/apps/local\" endpoint in Splunk Web calls. This could result in execution of unauthorized JavaScript code in the browser of a user.", }, ], value: "In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could create a malicious payload through a custom configuration file that the \"api.uri\" parameter from the \"/manager/search/apps/local\" endpoint in Splunk Web calls. This could result in execution of unauthorized JavaScript code in the browser of a user.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:04:00.392Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-1011", }, { url: "https://research.splunk.com/application/d7b5aa71-157f-4359-9c34-e35752b1d0a2/", }, ], source: { advisory: "SVD-2024-1011", }, title: "Persistent Cross-Site Scripting (XSS) via props.conf on Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-45741", datePublished: "2024-10-14T17:03:33.986Z", dateReserved: "2024-09-05T21:35:21.291Z", dateUpdated: "2025-02-28T11:04:00.392Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-43566 (GCVE-0-2022-43566)
Vulnerability from cvelistv5
Published
2022-11-04 22:21
Modified
2024-08-03 13:32
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards in the Analytics Workspace. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 8.1 < 8.1.12 Version: 8.2 < 8.2.9 Version: 9.0 < 9.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:32:59.752Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1106.html", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/b6d77c6c-f011-4b03-8650-8f10edb7c4a8/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.12", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.9", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.2", status: "affected", version: "9.0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Anton (therceman)", }, ], datePublic: "2022-11-02T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards\">SPL safeguards for risky commands</a><span style=\"background-color: rgb(255, 255, 255);\"> in the Analytics Workspace. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will.</span><br>", }, ], value: "In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards in the Analytics Workspace. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will.\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-04T22:21:21.337Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1106.html", }, { url: "https://research.splunk.com/application/b6d77c6c-f011-4b03-8650-8f10edb7c4a8/", }, ], source: { advisory: "SVD-2022-1106", discovery: "EXTERNAL", }, title: "Risky command safeguards bypass via Search ID query in Analytics Workspace in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2022-43566", datePublished: "2022-11-04T22:21:21.337Z", dateReserved: "2022-10-20T18:37:09.182Z", dateUpdated: "2024-08-03T13:32:59.752Z", requesterUserId: "d03a2723-f9e2-46d2-8173-16ee7d33f715", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-36983 (GCVE-0-2024-36983)
Vulnerability from cvelistv5
Published
2024-07-01 16:30
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 9.2 < 9.2.2 Version: 9.1 < 9.1.5 Version: 9.0 < 9.0.10 |
||||||
|
|||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", ], defaultStatus: "unknown", product: "splunk", vendor: "splunk", versions: [ { lessThan: "9.2.2", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.5", status: "affected", version: "9.1", versionType: "custom", }, { lessThan: "9.0.10", status: "affected", version: "9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "splunk_cloud_platform", vendor: "splunk", versions: [ { lessThan: "9.1.2312.109", status: "affected", version: "9.1.2312", versionType: "custom", }, { lessThan: "9.1.2308.207", status: "affected", version: "9.1.2308", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-36983", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-02T20:10:58.843878Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-15T17:36:43.524Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:43:50.454Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0703", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.2.2", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.5", status: "affected", version: "9.1", versionType: "custom", }, { lessThan: "9.0.10", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.1.2312.109", status: "affected", version: "9.1.2312", versionType: "custom", }, { lessThan: "9.1.2308.207", status: "affected", version: "9.1.2308", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Danylo Dmytriiev (DDV_UA)", }, ], datePublic: "2024-07-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance.", }, ], value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance.", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:59.649Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-0703", }, { url: "https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/", }, ], source: { advisory: "SVD-2024-0703", }, title: "Command Injection using External Lookups", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-36983", datePublished: "2024-07-01T16:30:41.779Z", dateReserved: "2024-05-30T16:36:20.999Z", dateUpdated: "2025-02-28T11:03:59.649Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-53246 (GCVE-0-2024-53246)
Vulnerability from cvelistv5
Published
2024-12-10 18:01
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, such as a Risky Commands Bypass, for successful exploitation.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 9.3 < 9.3.2 Version: 9.2 < 9.2.4 Version: 9.1 < 9.1.7 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-53246", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-10T20:39:36.685783Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-10T21:13:47.167Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.3.2", status: "affected", version: "9.3", versionType: "custom", }, { lessThan: "9.2.4", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.7", status: "affected", version: "9.1", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.3.2408.101", status: "affected", version: "9.3.2408", versionType: "custom", }, { lessThan: "9.2.2406.106", status: "affected", version: "9.2.2406", versionType: "custom", }, { lessThan: "9.2.2403.111", status: "affected", version: "9.2.2403", versionType: "custom", }, { lessThan: "9.1.2312.206", status: "affected", version: "9.1.2312", versionType: "custom", }, ], }, ], datePublic: "2024-12-10T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, such as a Risky Commands Bypass, for successful exploitation.", }, ], value: "In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, such as a Risky Commands Bypass, for successful exploitation.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-319", description: "The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:55.865Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-1204", }, ], source: { advisory: "SVD-2024-1204", }, title: "Sensitive Information Disclosure through SPL commands", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-53246", datePublished: "2024-12-10T18:01:16.803Z", dateReserved: "2024-11-19T18:30:28.773Z", dateUpdated: "2025-02-28T11:03:55.865Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-43564 (GCVE-0-2022-43564)
Vulnerability from cvelistv5
Published
2022-11-04 22:20
Modified
2024-08-03 13:32
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted search macros.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 8.1 < 8.1.12 Version: 8.2 < 8.2.9 Version: 9.0 < 9.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:32:59.627Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1104.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.12", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.9", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.2", status: "affected", version: "9.0", versionType: "custom", }, ], }, ], datePublic: "2022-11-02T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted search macros.</span><br>", }, ], value: "In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted search macros.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-04T22:20:36.543Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1104.html", }, ], source: { advisory: "SVD-2022-1104", discovery: "INTERNAL", }, title: "Denial of Service in Splunk Enterprise through search macros", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2022-43564", datePublished: "2022-11-04T22:20:36.543Z", dateReserved: "2022-10-20T18:37:09.181Z", dateUpdated: "2024-08-03T13:32:59.627Z", requesterUserId: "d03a2723-f9e2-46d2-8173-16ee7d33f715", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-22933 (GCVE-0-2023-22933)
Vulnerability from cvelistv5
Published
2023-02-14 17:22
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag’.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 8.1 < 8.1.13 Version: 8.2 < 8.2.10 Version: 9.0 < 9.0.4 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.467Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0203", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/9ac2bfea-a234-4a18-9d37-6d747e85c2e4", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.13", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.10", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.4", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2209", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Danylo Dmytriiev (DDV_UA)", }, ], datePublic: "2023-02-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag’.", }, ], value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag’.", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:44.416Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0203", }, { url: "https://research.splunk.com/application/9ac2bfea-a234-4a18-9d37-6d747e85c2e4", }, ], source: { advisory: "SVD-2023-0203", }, title: "Persistent Cross-Site Scripting through the ‘module’ Tag in a View in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-22933", datePublished: "2023-02-14T17:22:40.081Z", dateReserved: "2023-01-10T21:39:55.583Z", dateUpdated: "2025-02-28T11:03:44.416Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-32152 (GCVE-0-2022-32152)
Vulnerability from cvelistv5
Published
2022-06-15 16:46
Modified
2024-09-17 02:02
Severity ?
EPSS score ?
Summary
Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation | x_refsource_CONFIRM | |
| https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates | x_refsource_CONFIRM | |
| https://www.splunk.com/en_us/product-security/announcements/svd-2022-0602.html | x_refsource_CONFIRM | |
| https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/ | x_refsource_CONFIRM | |
| https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/ | x_refsource_CONFIRM | |
| https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/ | x_refsource_CONFIRM | |
| https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 9.0 < 9.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:32:56.011Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0602.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.0", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "8.2.2203", status: "affected", version: "8.2", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Chris Green at Splunk", }, ], datePublic: "2022-06-14T00:00:00", descriptions: [ { lang: "en", value: "Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-295", description: "CWE-295 Improper Certificate Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-06-15T16:46:29", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0602.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/", }, ], source: { advisory: "SVD-2022-0602", discovery: "INTERNAL", }, title: "Splunk Enterprise lacked TLS cert validation for Splunk-to-Splunk communication by default", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "prodsec@splunk.com", DATE_PUBLIC: "2022-06-14T11:55:00.000Z", ID: "CVE-2022-32152", STATE: "PUBLIC", TITLE: "Splunk Enterprise lacked TLS cert validation for Splunk-to-Splunk communication by default", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Splunk Enterprise", version: { version_data: [ { version_affected: "<", version_name: "9.0", version_value: "9.0", }, ], }, }, { product_name: "Splunk Cloud Platform", version: { version_data: [ { version_affected: "<", version_name: "8.2", version_value: "8.2.2203", }, ], }, }, ], }, vendor_name: "Splunk", }, ], }, }, credit: [ { lang: "eng", value: "Chris Green at Splunk", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-295 Improper Certificate Validation", }, ], }, ], }, references: { reference_data: [ { name: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation", refsource: "CONFIRM", url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation", }, { name: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", refsource: "CONFIRM", url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", }, { name: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0602.html", refsource: "CONFIRM", url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0602.html", }, { name: "https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/", refsource: "CONFIRM", url: "https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/", }, { name: "https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/", refsource: "CONFIRM", url: "https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/", }, { name: "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/", refsource: "CONFIRM", url: "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/", }, { name: "https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/", refsource: "CONFIRM", url: "https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/", }, ], }, source: { advisory: "SVD-2022-0602", discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2022-32152", datePublished: "2022-06-15T16:46:29.133423Z", dateReserved: "2022-05-31T00:00:00", dateUpdated: "2024-09-17T02:02:11.058Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-40597 (GCVE-0-2023-40597)
Vulnerability from cvelistv5
Published
2023-08-30 16:19
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 8.2 < 8.2.12 Version: 9.0 < 9.0.6 Version: 9.1 < 9.1.1 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:38:50.904Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0806", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/356bd3fe-f59b-4f64-baa1-51495411b7ad/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.2.12", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.6", status: "affected", version: "9.0", versionType: "custom", }, { lessThan: "9.1.1", status: "affected", version: "9.1", versionType: "custom", }, ], }, { product: "Splunk Cloud", vendor: "Splunk", versions: [ { lessThan: "9.0.2305.200", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Danylo Dmytriiev (DDV_UA)", }, ], datePublic: "2023-08-30T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.", }, ], value: "In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-36", description: "The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as /abs/path that can resolve to a location that is outside of that directory.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:56.356Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0806", }, { url: "https://research.splunk.com/application/356bd3fe-f59b-4f64-baa1-51495411b7ad/", }, ], source: { advisory: "SVD-2023-0806", }, title: "Absolute Path Traversal in Splunk Enterprise Using runshellscript.py", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-40597", datePublished: "2023-08-30T16:19:44.220Z", dateReserved: "2023-08-16T22:07:52.838Z", dateUpdated: "2025-02-28T11:03:56.356Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-36995 (GCVE-0-2024-36995)
Vulnerability from cvelistv5
Published
2024-07-01 16:52
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 9.2 < 9.2.2 Version: 9.1 < 9.1.5 Version: 9.0 < 9.0.10 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-36995", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-01T20:49:54.901075Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-09T21:36:30.507Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:43:50.580Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0715", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/84afda04-0cd6-466b-869e-70d6407d0a34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.2.2", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.5", status: "affected", version: "9.1", versionType: "custom", }, { lessThan: "9.0.10", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.1.2312.200", status: "affected", version: "9.1.2312", versionType: "custom", }, { lessThan: "9.1.2308.207", status: "affected", version: "9.1.2308", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "MrHack", }, ], datePublic: "2024-07-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items.", }, ], value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items.", }, ], metrics: [ { cvssV3_1: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "The software does not perform an authorization check when an actor attempts to access a resource or perform an action.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:55.127Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-0715", }, { url: "https://research.splunk.com/application/84afda04-0cd6-466b-869e-70d6407d0a34", }, ], source: { advisory: "SVD-2024-0715", }, title: "Low-privileged user could create experimental items", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-36995", datePublished: "2024-07-01T16:52:57.700Z", dateReserved: "2024-05-30T16:36:21.002Z", dateUpdated: "2025-02-28T11:03:55.127Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-22937 (GCVE-0-2023-22937)
Vulnerability from cvelistv5
Published
2023-02-14 17:24
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 8.1 < 8.1.13 Version: 8.2 < 8.2.10 Version: 9.0 < 9.0.4 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.428Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0207", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/b7d1293f-e78f-415e-b5f6-443df3480082/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.13", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.10", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.4", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2209.3", status: "affected", version: "-", versionType: "custom", }, ], }, ], datePublic: "2023-02-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl.", }, ], value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl.", }, ], metrics: [ { cvssV3_1: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:41.352Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0207", }, { url: "https://research.splunk.com/application/b7d1293f-e78f-415e-b5f6-443df3480082/", }, ], source: { advisory: "SVD-2023-0207", }, title: "Unnecessary File Extensions Allowed by Lookup Table Uploads in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-22937", datePublished: "2023-02-14T17:24:45.588Z", dateReserved: "2023-01-10T21:39:55.584Z", dateUpdated: "2025-02-28T11:03:41.352Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-43572 (GCVE-0-2022-43572)
Vulnerability from cvelistv5
Published
2022-11-04 22:23
Modified
2024-08-03 13:32
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 8.1 < 8.1.12 Version: 8.2 < 8.2.9 Version: 9.0 < 9.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:32:59.547Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1111.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.12", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.9", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.2", status: "affected", version: "9.0", versionType: "custom", }, ], }, ], datePublic: "2022-11-02T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing.</span><br>", }, ], value: "In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing.\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-04T22:23:39.383Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1111.html", }, ], source: { advisory: "SVD-2022-1112", discovery: "UNKNOWN", }, title: "Indexing blockage via malformed data sent through S2S or HEC protocols in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2022-43572", datePublished: "2022-11-04T22:23:39.383Z", dateReserved: "2022-10-20T18:41:33.321Z", dateUpdated: "2024-08-03T13:32:59.547Z", requesterUserId: "d03a2723-f9e2-46d2-8173-16ee7d33f715", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-43561 (GCVE-0-2022-43561)
Vulnerability from cvelistv5
Published
2022-11-03 22:06
Modified
2024-08-03 13:32
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). The vulnerability affects instances with Splunk Web enabled.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 8.1 < 8.1.12 Version: 8.2 < 8.2.9 Version: 9.0 < 9.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:32:59.806Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1101.html", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/a974d1ee-ddca-4837-b6ad-d55a8a239c20/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.12", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.9", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.2", status: "affected", version: "9.0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Mr Hack (try_to_hack)", }, ], datePublic: "2022-11-02T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). The vulnerability affects instances with Splunk Web enabled.", }, ], value: "In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). The vulnerability affects instances with Splunk Web enabled.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-03T22:06:41.735Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1101.html", }, { url: "https://research.splunk.com/application/a974d1ee-ddca-4837-b6ad-d55a8a239c20/", }, ], source: { advisory: "SVD-2022-1101", discovery: "EXTERNAL", }, title: "Persistent Cross-Site Scripting in “Save Table” Dialog in Splunk Enterprise", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">If users do not log in to Splunk Web on indexers in a distributed environment, disable Splunk Web on those indexers. </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.splunk.com/Documentation/Splunk/8.2.5/Security/DisableunnecessarySplunkcomponents\">See Disable unnecessary Splunk Enterprise components</a><span style=\"background-color: rgb(255, 255, 255);\"> and the </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf\">web.conf</a><span style=\"background-color: rgb(255, 255, 255);\"> configuration specification file for more information on disabling Splunk Web.</span><br>", }, ], value: "If users do not log in to Splunk Web on indexers in a distributed environment, disable Splunk Web on those indexers. See Disable unnecessary Splunk Enterprise components https://docs.splunk.com/Documentation/Splunk/8.2.5/Security/DisableunnecessarySplunkcomponents and the web.conf https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf configuration specification file for more information on disabling Splunk Web.\n", }, ], }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2022-43561", datePublished: "2022-11-03T22:06:41.735Z", dateReserved: "2022-10-20T18:37:09.181Z", dateUpdated: "2024-08-03T13:32:59.806Z", requesterUserId: "d03a2723-f9e2-46d2-8173-16ee7d33f715", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-43565 (GCVE-0-2022-43565)
Vulnerability from cvelistv5
Published
2022-11-04 22:20
Modified
2024-08-03 13:32
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 8.1 < 8.1.12 Version: 8.2 < 8.2.9 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:32:59.756Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1105.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.12", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.9", status: "affected", version: "8.2", versionType: "custom", }, ], }, ], datePublic: "2022-11-02T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation (JSON) lets an attacker bypass </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards\">SPL safeguards for risky commands</a><span style=\"background-color: rgb(255, 255, 255);\">. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. </span><br>", }, ], value: "In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. \n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-04T22:20:55.783Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1105.html", }, ], source: { advisory: "SVD-2022-1105", discovery: "INTERNAL", }, title: "Risky command safeguards bypass via ‘tstats command JSON in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2022-43565", datePublished: "2022-11-04T22:20:55.783Z", dateReserved: "2022-10-20T18:37:09.181Z", dateUpdated: "2024-08-03T13:32:59.756Z", requesterUserId: "d03a2723-f9e2-46d2-8173-16ee7d33f715", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-22940 (GCVE-0-2023-22940)
Vulnerability from cvelistv5
Published
2023-02-14 17:22
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances with Splunk Web enabled.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 8.1 < 8.1.13 Version: 8.2 < 8.2.10 Version: 9.0 < 9.0.4 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.404Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0210", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.13", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.10", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.4", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2212", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "James Ervin, Splunk", }, ], datePublic: "2023-02-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances with Splunk Web enabled.", }, ], value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances with Splunk Web enabled.", }, ], metrics: [ { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:47.020Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0210", }, { url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/", }, ], source: { advisory: "SVD-2023-0210", }, title: "SPL Command Safeguards Bypass via the ‘collect’ SPL Command Aliases in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-22940", datePublished: "2023-02-14T17:22:34.688Z", dateReserved: "2023-01-10T21:39:55.584Z", dateUpdated: "2025-02-28T11:03:47.020Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-22941 (GCVE-0-2023-22941)
Vulnerability from cvelistv5
Published
2023-02-14 17:22
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd).
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 8.1 < 8.1.13 Version: 8.2 < 8.2.10 Version: 9.0 < 9.0.4 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-22941", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-20T19:25:24.577246Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:26:49.549Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.436Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0211", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/08978eca-caff-44c1-84dc-53f17def4e14/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.13", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.10", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.4", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2212", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "James Ervin, Splunk", }, ], datePublic: "2023-02-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd).", }, ], value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd).", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-248", description: "An exception is thrown from a function, but it is not caught.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:59.397Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0211", }, { url: "https://research.splunk.com/application/08978eca-caff-44c1-84dc-53f17def4e14/", }, ], source: { advisory: "SVD-2023-0211", }, title: "Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-22941", datePublished: "2023-02-14T17:22:37.444Z", dateReserved: "2023-01-10T21:39:55.584Z", dateUpdated: "2025-02-28T11:03:59.397Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-40598 (GCVE-0-2023-40598)
Vulnerability from cvelistv5
Published
2023-08-30 16:19
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform Instance.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 8.2 < 8.2.12 Version: 9.0 < 9.0.6 Version: 9.1 < 9.1.1 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:38:50.310Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0807", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-40598", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-03T15:02:42.738200Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-03T15:02:58.607Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.2.12", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.6", status: "affected", version: "9.0", versionType: "custom", }, { lessThan: "9.1.1", status: "affected", version: "9.1", versionType: "custom", }, ], }, { product: "Splunk Cloud", vendor: "Splunk", versions: [ { lessThan: "9.0.2305.200", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Danylo Dmytriiev (DDV_UA)", }, ], datePublic: "2023-08-30T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform Instance.", }, ], value: "In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform Instance.", }, ], metrics: [ { cvssV3_1: { baseScore: 8.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:41.623Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0807", }, { url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/", }, ], source: { advisory: "SVD-2023-0807", }, title: "Command Injection in Splunk Enterprise Using External Lookups", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-40598", datePublished: "2023-08-30T16:19:28.135Z", dateReserved: "2023-08-16T22:07:52.838Z", dateUpdated: "2025-02-28T11:03:41.623Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-36996 (GCVE-0-2024-36996)
Vulnerability from cvelistv5
Published
2024-07-01 16:30
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 9.2 < 9.2.2 Version: 9.1 < 9.1.5 Version: 9.0 < 9.0.10 |
||||||
|
|||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:splunk:splunk_enterprise:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "splunk_enterprise", vendor: "splunk", versions: [ { lessThan: "9.2.2", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.5", status: "affected", version: "9.1", versionType: "custom", }, { lessThan: "9.0.10", status: "affected", version: "9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "splunk_cloud_platform", vendor: "splunk", versions: [ { lessThan: "9.1.2312.109", status: "affected", version: "9.1.2312", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-36996", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-01T19:26:51.643823Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-03T21:00:22.102Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:43:50.582Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0716", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.2.2", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.5", status: "affected", version: "9.1", versionType: "custom", }, { lessThan: "9.0.10", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.1.2312.109", status: "affected", version: "9.1.2312", versionType: "custom", }, ], }, ], datePublic: "2024-07-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme.", }, ], value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-204", description: "The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:41.084Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-0716", }, ], source: { advisory: "SVD-2024-0716", }, title: "Information Disclosure of user names", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-36996", datePublished: "2024-07-01T16:30:41.186Z", dateReserved: "2024-05-30T16:36:21.002Z", dateUpdated: "2025-02-28T11:03:41.084Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-43568 (GCVE-0-2022-43568)
Vulnerability from cvelistv5
Published
2022-11-04 22:22
Modified
2024-08-03 13:32
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View allows for a Reflected Cross Site Scripting via JavaScript Object Notation (JSON) in a query parameter when output_mode=radio.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 8.1 < 8.1.12 Version: 8.2 < 8.2.9 Version: 9.0 < 9.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:32:59.649Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1108.html", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/d532d105-c63f-4049-a8c4-e249127ca425/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.12", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.9", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.2", status: "affected", version: "9.0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Danylo Dmytriiev (DDV_UA)", }, ], datePublic: "2022-11-02T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<br><span style=\"background-color: rgb(255, 255, 255);\">In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View allows for a Reflected Cross Site Scripting via JavaScript Object Notation (JSON) in a query parameter when output_mode=radio.</span><br>", }, ], value: "In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View allows for a Reflected Cross Site Scripting via JavaScript Object Notation (JSON) in a query parameter when output_mode=radio.\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-04T22:22:13.266Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1108.html", }, { url: "https://research.splunk.com/application/d532d105-c63f-4049-a8c4-e249127ca425/", }, ], source: { advisory: "SVD-2022-1108", discovery: "EXTERNAL", }, title: "Reflected Cross-Site Scripting via the radio template in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2022-43568", datePublished: "2022-11-04T22:22:13.266Z", dateReserved: "2022-10-20T18:37:09.182Z", dateUpdated: "2024-08-03T13:32:59.649Z", requesterUserId: "d03a2723-f9e2-46d2-8173-16ee7d33f715", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-45737 (GCVE-0-2024-45737)
Vulnerability from cvelistv5
Published
2024-10-14 17:03
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF).
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 9.3 < 9.3.1 Version: 9.2 < 9.2.3 Version: 9.1 < 9.1.6 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-45737", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T15:44:26.102067Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-15T15:44:34.572Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.3.1", status: "affected", version: "9.3", versionType: "custom", }, { lessThan: "9.2.3", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.6", status: "affected", version: "9.1", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.2.2403.108", status: "affected", version: "9.2.2403", versionType: "custom", }, { lessThan: "9.1.2312.204", status: "affected", version: "9.1.2312", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Anton (therceman)", }, ], datePublic: "2024-10-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF).", }, ], value: "In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF).", }, ], metrics: [ { cvssV3_1: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:53.256Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-1007", }, { url: "https://research.splunk.com/application/34bac267-a89b-4bd7-a072-a48eef1f15b8/", }, ], source: { advisory: "SVD-2024-1007", }, title: "Maintenance mode state change of App Key Value Store (KVStore) through Cross-Site Request Forgery (CSRF)", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-45737", datePublished: "2024-10-14T17:03:37.328Z", dateReserved: "2024-09-05T21:35:21.290Z", dateUpdated: "2025-02-28T11:03:53.256Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-32155 (GCVE-0-2022-32155)
Vulnerability from cvelistv5
Published
2022-06-15 16:49
Modified
2024-09-16 20:12
Severity ?
EPSS score ?
Summary
In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Splunk, Inc | Universal Forwarder |
Version: 9.0 < 9.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:32:56.013Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Universal Forwarder", vendor: "Splunk, Inc", versions: [ { lessThan: "9.0", status: "affected", version: "9.0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Chris Green at Splunk", }, ], datePublic: "2022-06-14T00:00:00", descriptions: [ { lang: "en", value: "In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services.", }, ], providerMetadata: { dateUpdated: "2022-06-15T16:49:26", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security", }, ], source: { advisory: "SVD-2022-0605", discovery: "INTERNAL", }, title: "Universal Forwarder management services allows remote login by default", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "prodsec@splunk.com", DATE_PUBLIC: "2022-06-14T11:55:00.000Z", ID: "CVE-2022-32155", STATE: "PUBLIC", TITLE: "Universal Forwarder management services allows remote login by default", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Universal Forwarder", version: { version_data: [ { version_affected: "<", version_name: "9.0", version_value: "9.0", }, ], }, }, ], }, vendor_name: "Splunk, Inc", }, ], }, }, credit: [ { lang: "eng", value: "Chris Green at Splunk", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "", }, ], }, ], }, references: { reference_data: [ { name: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", refsource: "CONFIRM", url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", }, { name: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html", refsource: "CONFIRM", url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html", }, { name: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security", refsource: "CONFIRM", url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security", }, ], }, source: { advisory: "SVD-2022-0605", discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2022-32155", datePublished: "2022-06-15T16:49:26.618027Z", dateReserved: "2022-05-31T00:00:00", dateUpdated: "2024-09-16T20:12:22.106Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-43563 (GCVE-0-2022-43563)
Vulnerability from cvelistv5
Published
2022-11-04 22:19
Modified
2024-08-03 13:32
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 8.1 < 8.1.12 Version: 8.2 < 8.2.9 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:32:59.588Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1103.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.12", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.9", status: "affected", version: "8.2", versionType: "custom", }, ], }, ], datePublic: "2022-11-02T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards\">SPL safeguards for risky commands</a><span style=\"background-color: rgb(255, 255, 255);\">. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will.</span><br>", }, ], value: "In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will.\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-04T22:19:55.669Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1103.html", }, ], source: { advisory: "SVD-2022-1103", discovery: "INTERNAL", }, title: "Risky command safeguards bypass via rex search command field names in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2022-43563", datePublished: "2022-11-04T22:19:55.669Z", dateReserved: "2022-10-20T18:37:09.181Z", dateUpdated: "2024-08-03T13:32:59.588Z", requesterUserId: "d03a2723-f9e2-46d2-8173-16ee7d33f715", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-32706 (GCVE-0-2023-32706)
Vulnerability from cvelistv5
Published
2023-06-01 16:34
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 8.1 < 8.1.14 Version: 8.2 < 8.2.11 Version: 9.0 < 9.0.5 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:36.896Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0601", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-32706", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-07T20:39:32.865384Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-03T19:39:54.425Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.14", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.11", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.5", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2303.100", status: "affected", version: "9.0.2303 and below", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Vikram Ashtaputre, Splunk", }, ], datePublic: "2023-06-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon.", }, ], value: "On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-611", description: "The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:44.652Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0601", }, ], source: { advisory: "SVD-2023-0601", }, title: "Denial Of Service due to Untrusted XML Tag in XML Parser within SAML Authentication", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-32706", datePublished: "2023-06-01T16:34:28.142Z", dateReserved: "2023-05-11T20:55:59.871Z", dateUpdated: "2025-02-28T11:03:44.652Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-32153 (GCVE-0-2022-32153)
Vulnerability from cvelistv5
Published
2022-06-15 16:48
Modified
2024-09-16 16:43
Severity ?
EPSS score ?
Summary
Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation | x_refsource_CONFIRM | |
| https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates | x_refsource_CONFIRM | |
| https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/ | x_refsource_CONFIRM | |
| https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/ | x_refsource_CONFIRM | |
| https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/ | x_refsource_CONFIRM | |
| https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/ | x_refsource_CONFIRM | |
| https://www.splunk.com/en_us/product-security/announcements/svd-2022-0603.html | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk, Inc | Splunk Enterprise |
Version: 9.0 < 9.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:32:56.026Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0603.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk, Inc", versions: [ { lessThan: "9.0", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk, Inc", versions: [ { lessThan: "8.2.2203", status: "affected", version: "8.2", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Chris Green at Splunk", }, ], datePublic: "2022-06-14T00:00:00", descriptions: [ { lang: "en", value: "Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-297", description: "CWE-297 Improper Validation of Certificate with Host Mismatch", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-06-15T16:48:21", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0603.html", }, ], source: { advisory: "SVD-2022-0603", discovery: "INTERNAL", }, title: "Splunk Enterprise lacked TLS host name validation", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "prodsec@splunk.com", DATE_PUBLIC: "2022-06-14T11:55:00.000Z", ID: "CVE-2022-32153", STATE: "PUBLIC", TITLE: "Splunk Enterprise lacked TLS host name validation", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Splunk Enterprise", version: { version_data: [ { version_affected: "<", version_name: "9.0", version_value: "9.0", }, ], }, }, { product_name: "Splunk Cloud Platform", version: { version_data: [ { version_affected: "<", version_name: "8.2", version_value: "8.2.2203", }, ], }, }, ], }, vendor_name: "Splunk, Inc", }, ], }, }, credit: [ { lang: "eng", value: "Chris Green at Splunk", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-297 Improper Validation of Certificate with Host Mismatch", }, ], }, ], }, references: { reference_data: [ { name: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation", refsource: "CONFIRM", url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation", }, { name: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", refsource: "CONFIRM", url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", }, { name: "https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/", refsource: "CONFIRM", url: "https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/", }, { name: "https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/", refsource: "CONFIRM", url: "https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/", }, { name: "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/", refsource: "CONFIRM", url: "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/", }, { name: "https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/", refsource: "CONFIRM", url: "https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/", }, { name: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0603.html", refsource: "CONFIRM", url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0603.html", }, ], }, source: { advisory: "SVD-2022-0603", discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2022-32153", datePublished: "2022-06-15T16:48:21.566031Z", dateReserved: "2022-05-31T00:00:00", dateUpdated: "2024-09-16T16:43:11.526Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-37438 (GCVE-0-2022-37438)
Vulnerability from cvelistv5
Published
2022-08-16 19:49
Modified
2024-09-17 01:46
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.splunk.com/en_us/product-security/announcements/svd-2022-0802.html | x_refsource_CONFIRM | |
| https://research.splunk.com/application/f844c3f6-fd99-43a2-ba24-93e35fe84be6 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 9.0 < 9.0.1 Version: 8.2 < 8.2.7.1 Version: 8.1 < 8.1.11 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:29:21.035Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0802.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://research.splunk.com/application/f844c3f6-fd99-43a2-ba24-93e35fe84be6", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.0.1", status: "affected", version: "9.0", versionType: "custom", }, { lessThan: "8.2.7.1", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "8.1.11", status: "affected", version: "8.1", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2205", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Eric LaMothe at Splunk", }, ], datePublic: "2022-08-16T00:00:00", descriptions: [ { lang: "en", value: "In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.6, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-17T20:02:14", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0802.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://research.splunk.com/application/f844c3f6-fd99-43a2-ba24-93e35fe84be6", }, ], source: { advisory: "SVD-2022-0802", defect: [ "SPL-221531", ], discovery: "INTERNAL", }, title: "Information disclosure via the dashboard drilldown in Splunk Enterprise", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "prodsec@splunk.com", DATE_PUBLIC: "2022-08-16T16:00:00.000Z", ID: "CVE-2022-37438", STATE: "PUBLIC", TITLE: "Information disclosure via the dashboard drilldown in Splunk Enterprise", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Splunk Enterprise", version: { version_data: [ { version_affected: "<", version_name: "9.0", version_value: "9.0.1", }, { version_affected: "<", version_name: "8.2", version_value: "8.2.7.1", }, { version_affected: "<", version_name: "8.1", version_value: "8.1.11", }, ], }, }, { product_name: "Splunk Cloud Platform", version: { version_data: [ { version_affected: "<", version_value: "9.0.2205", }, ], }, }, ], }, vendor_name: "Splunk", }, ], }, }, credit: [ { lang: "eng", value: "Eric LaMothe at Splunk", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.6, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-200", }, ], }, ], }, references: { reference_data: [ { name: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0802.html", refsource: "CONFIRM", url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0802.html", }, { name: "https://research.splunk.com/application/f844c3f6-fd99-43a2-ba24-93e35fe84be6", refsource: "CONFIRM", url: "https://research.splunk.com/application/f844c3f6-fd99-43a2-ba24-93e35fe84be6", }, ], }, source: { advisory: "SVD-2022-0802", defect: [ "SPL-221531", ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2022-37438", datePublished: "2022-08-16T19:49:23.763068Z", dateReserved: "2022-08-05T00:00:00", dateUpdated: "2024-09-17T01:46:12.412Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-43571 (GCVE-0-2022-43571)
Vulnerability from cvelistv5
Published
2022-11-03 22:56
Modified
2024-08-03 13:32
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 8.1 < 8.1.12 Version: 8.2 < 8.2.9 Version: 9.0 < 9.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:32:59.741Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1111.html", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/b06b41d7-9570-4985-8137-0784f582a1b3/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.12", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.9", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.2", status: "affected", version: "9.0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "reporter", user: "00000000-0000-4000-9000-000000000000", value: "Danylo Dmytriiev (DDV_UA)", }, ], datePublic: "2022-11-03T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component.</p>", }, ], value: "In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code (Code Injection)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-03T22:56:44.862Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1111.html", }, { url: "https://research.splunk.com/application/b06b41d7-9570-4985-8137-0784f582a1b3/", }, ], source: { advisory: "SVD-2022-1111", discovery: "EXTERNAL", }, title: "Remote Code Execution through dashboard PDF generation component in Splunk Enterprise", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2022-43571", datePublished: "2022-11-03T22:56:44.862Z", dateReserved: "2022-10-20T18:37:09.183Z", dateUpdated: "2024-08-03T13:32:59.741Z", requesterUserId: "d03a2723-f9e2-46d2-8173-16ee7d33f715", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-36997 (GCVE-0-2024-36997)
Vulnerability from cvelistv5
Published
2024-07-01 16:57
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 9.2 < 9.2.2 Version: 9.1 < 9.1.5 Version: 9.0 < 9.0.10 |
||||||
|
|||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", ], defaultStatus: "unknown", product: "splunk", vendor: "splunk", versions: [ { lessThan: "9.2.2", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.5", status: "affected", version: "9.1", versionType: "custom", }, { lessThan: "9.0.10", status: "affected", version: "9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "splunk_cloud_platform", vendor: "splunk", versions: [ { lessThan: "9.1.2312.100", status: "affected", version: "9.1.2312", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-36997", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-03T14:17:17.349360Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-15T17:32:06.701Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:43:50.623Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0717", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5c", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.2.2", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.5", status: "affected", version: "9.1", versionType: "custom", }, { lessThan: "9.0.10", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.1.2312.100", status: "affected", version: "9.1.2312", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "STÖK / Fredrik Alexandersson", }, ], datePublic: "2024-07-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit.", }, ], value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit.", }, ], metrics: [ { cvssV3_1: { baseScore: 4.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:50.355Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-0717", }, { url: "https://research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5c", }, ], source: { advisory: "SVD-2024-0717", }, title: "Persistent Cross-site Scripting (XSS) in conf-web/settings REST endpoint", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-36997", datePublished: "2024-07-01T16:57:47.904Z", dateReserved: "2024-05-30T16:36:21.002Z", dateUpdated: "2025-02-28T11:03:50.355Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-32154 (GCVE-0-2022-32154)
Vulnerability from cvelistv5
Published
2022-06-15 16:48
Modified
2024-09-16 20:11
Severity ?
EPSS score ?
Summary
Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk, Inc | Splunk Enterprise |
Version: 9.0 < 9.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:32:55.969Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk, Inc", versions: [ { lessThan: "9.0", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk, Inc", versions: [ { lessThan: "8.2.2106", status: "affected", version: "8.2", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Chris Green at Splunk", }, { lang: "en", value: "Danylo Dmytriiev (DDV_UA)", }, { lang: "en", value: "Anton (therceman)", }, ], datePublic: "2022-06-14T00:00:00", descriptions: [ { lang: "en", value: "Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-06-15T16:48:46", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/", }, ], source: { advisory: "SVD-2022-0604", discovery: "INTERNAL", }, title: "Risky commands warnings in Splunk Enterprise Dashboards", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "prodsec@splunk.com", DATE_PUBLIC: "2022-06-14T11:55:00.000Z", ID: "CVE-2022-32154", STATE: "PUBLIC", TITLE: "Risky commands warnings in Splunk Enterprise Dashboards", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Splunk Enterprise", version: { version_data: [ { version_affected: "<", version_name: "9.0", version_value: "9.0", }, ], }, }, { product_name: "Splunk Cloud Platform", version: { version_data: [ { version_affected: "<", version_name: "8.2", version_value: "8.2.2106", }, ], }, }, ], }, vendor_name: "Splunk, Inc", }, ], }, }, credit: [ { lang: "eng", value: "Chris Green at Splunk", }, { lang: "eng", value: "Danylo Dmytriiev (DDV_UA)", }, { lang: "eng", value: "Anton (therceman)", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20 Improper Input Validation", }, ], }, ], }, references: { reference_data: [ { name: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", refsource: "CONFIRM", url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", }, { name: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html", refsource: "CONFIRM", url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html", }, { name: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands", refsource: "CONFIRM", url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands", }, { name: "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/", refsource: "CONFIRM", url: "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/", }, { name: "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/", refsource: "CONFIRM", url: "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/", }, { name: "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/", refsource: "CONFIRM", url: "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/", }, ], }, source: { advisory: "SVD-2022-0604", discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2022-32154", datePublished: "2022-06-15T16:48:46.918488Z", dateReserved: "2022-05-31T00:00:00", dateUpdated: "2024-09-16T20:11:36.885Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-22932 (GCVE-0-2023-22932)
Vulnerability from cvelistv5
Published
2023-02-14 17:22
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 9.0 < 9.0.4 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.421Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0202", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/ce6e1268-e01c-4df2-a617-0f034ed49a43/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.0.4", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2209.3", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Tim Coen (foobar7)", }, ], datePublic: "2023-02-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0.", }, ], value: "In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0.", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:57.639Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0202", }, { url: "https://research.splunk.com/application/ce6e1268-e01c-4df2-a617-0f034ed49a43/", }, ], source: { advisory: "SVD-2023-0202", }, title: "Persistent Cross-Site Scripting through a Base64-encoded Image in a View in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-22932", datePublished: "2023-02-14T17:22:38.739Z", dateReserved: "2023-01-10T21:39:55.583Z", dateUpdated: "2025-02-28T11:03:57.639Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-36994 (GCVE-0-2024-36994)
Vulnerability from cvelistv5
Published
2024-07-01 16:30
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View and Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 9.2 < 9.2.2 Version: 9.1 < 9.1.5 Version: 9.0 < 9.0.10 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-36994", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-01T18:38:06.384849Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-01T21:02:28.232Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:43:50.518Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0714", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/b0a67520-ae82-4cf6-b04e-9f6cce56830d", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.2.2", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.5", status: "affected", version: "9.1", versionType: "custom", }, { lessThan: "9.0.10", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.1.2312.200", status: "affected", version: "9.1.2312", versionType: "custom", }, { lessThan: "9.1.2308.207", status: "affected", version: "9.1.2308", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Danylo Dmytriiev (DDV_UA)", }, ], datePublic: "2024-07-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View and Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user.", }, ], value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View and Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:49.669Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-0714", }, { url: "https://research.splunk.com/application/b0a67520-ae82-4cf6-b04e-9f6cce56830d", }, ], source: { advisory: "SVD-2024-0714", }, title: "Persistent Cross-site Scripting (XSS) in Dashboard Elements", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-36994", datePublished: "2024-07-01T16:30:40.653Z", dateReserved: "2024-05-30T16:36:21.002Z", dateUpdated: "2025-02-28T11:03:49.669Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-53244 (GCVE-0-2024-53244)
Vulnerability from cvelistv5
Published
2024-12-10 18:01
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on “/en-US/app/search/report“ endpoint through “s“ parameter.<br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 9.3 < 9.3.2 Version: 9.2 < 9.2.4 Version: 9.1 < 9.1.7 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-53244", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-10T20:39:35.464246Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-10T21:13:39.636Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.3.2", status: "affected", version: "9.3", versionType: "custom", }, { lessThan: "9.2.4", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.7", status: "affected", version: "9.1", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.2.2406.107", status: "affected", version: "9.2.2406", versionType: "custom", }, { lessThan: "9.2.2403.109", status: "affected", version: "9.2.2403", versionType: "custom", }, { lessThan: "9.1.2312.206", status: "affected", version: "9.1.2312", versionType: "custom", }, ], }, ], datePublic: "2024-12-10T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on “/en-US/app/search/report“ endpoint through “s“ parameter.<br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.", }, ], value: "In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on “/en-US/app/search/report“ endpoint through “s“ parameter.<br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:44.167Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-1202", }, ], source: { advisory: "SVD-2024-1202", }, title: "Risky command safeguards bypass in “/en-US/app/search/report“ endpoint through “s“ parameter", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-53244", datePublished: "2024-12-10T18:01:24.534Z", dateReserved: "2024-11-19T18:30:28.773Z", dateUpdated: "2025-02-28T11:03:44.167Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-43567 (GCVE-0-2022-43567)
Vulnerability from cvelistv5
Published
2022-11-04 22:21
Modified
2024-08-03 13:32
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 8.1 < 8.1.12 Version: 8.2 < 8.2.9 Version: 9.0 < 9.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:32:59.758Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.12", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.9", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.2", status: "affected", version: "9.0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Danylo Dmytriiev (DDV_UA)", }, ], datePublic: "2022-11-02T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.</span><br>", }, ], value: "In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-04T22:21:50.819Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html", }, { url: "https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be/", }, ], source: { advisory: "SVD-2022-1107", discovery: "EXTERNAL", }, title: "Remote Code Execution via the Splunk Secure Gateway application Mobile Alerts feature", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2022-43567", datePublished: "2022-11-04T22:21:50.819Z", dateReserved: "2022-10-20T18:37:09.182Z", dateUpdated: "2024-08-03T13:32:59.758Z", requesterUserId: "d03a2723-f9e2-46d2-8173-16ee7d33f715", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-40592 (GCVE-0-2023-40592)
Vulnerability from cvelistv5
Published
2023-08-30 16:19
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 8.2 < 8.2.12 Version: 9.0 < 9.0.6 Version: 9.1 < 9.1.1 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:38:51.006Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0801", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/182f9080-4137-4629-94ac-cb1083ac981a/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-40592", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-03T15:01:26.702492Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-03T15:01:39.783Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.2.12", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.6", status: "affected", version: "9.0", versionType: "custom", }, { lessThan: "9.1.1", status: "affected", version: "9.1", versionType: "custom", }, ], }, { product: "Splunk Cloud", vendor: "Splunk", versions: [ { lessThan: "9.0.2305.200", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Danylo Dmytriiev (DDV_UA)", }, ], datePublic: "2023-08-30T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance.", }, ], value: "In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance.", }, ], metrics: [ { cvssV3_1: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:48.911Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0801", }, { url: "https://research.splunk.com/application/182f9080-4137-4629-94ac-cb1083ac981a/", }, ], source: { advisory: "SVD-2023-0801", }, title: "Reflected Cross-site Scripting (XSS) on \"/app/search/table\" web endpoint", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-40592", datePublished: "2023-08-30T16:19:38.525Z", dateReserved: "2023-08-16T22:07:52.837Z", dateUpdated: "2025-02-28T11:03:48.911Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-45732 (GCVE-0-2024-45732)
Vulnerability from cvelistv5
Published
2024-10-14 17:03
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a search as the "nobody" Splunk user in the SplunkDeploymentServerConfig app. This could let the low-privileged user access potentially restricted data.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 9.3 < 9.3.1 Version: 9.2 < 9.2.3 |
||||||
|
|||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:splunk:splunk_enterprise:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "splunk_enterprise", vendor: "splunk", versions: [ { lessThan: "9.3.1", status: "affected", version: "9.3", versionType: "custom", }, { lessThan: "9.2.3", status: "affected", version: "9.2", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "splunk_cloud_platform", vendor: "splunk", versions: [ { lessThan: "9.2.2403.103", status: "affected", version: "9.2.2403", versionType: "custom", }, { lessThan: "9.1.2312.200", status: "affected", version: "9.1.2312", versionType: "custom", }, { status: "unaffected", version: "9.1.2312.110", }, { lessThan: "9.1.2308.208", status: "affected", version: "9.1.2308", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45732", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T16:30:27.363227Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-15T16:34:10.045Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.3.1", status: "affected", version: "9.3", versionType: "custom", }, { lessThan: "9.2.3", status: "affected", version: "9.2", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.2.2403.103", status: "affected", version: "9.2.2403", versionType: "custom", }, { lessThan: "9.1.2312.110, 9.1.2312.200", status: "affected", version: "9.1.2312", versionType: "custom", }, { lessThan: "9.1.2308.208", status: "affected", version: "9.1.2308", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Anton (therceman)", }, ], datePublic: "2024-10-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could run a search as the \"nobody\" Splunk user in the SplunkDeploymentServerConfig app. This could let the low-privileged user access potentially restricted data.", }, ], value: "In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could run a search as the \"nobody\" Splunk user in the SplunkDeploymentServerConfig app. This could let the low-privileged user access potentially restricted data.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "The software does not perform an authorization check when an actor attempts to access a resource or perform an action.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:50.807Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-1002", }, { url: "https://research.splunk.com/application/f765c3fe-c3b6-4afe-a932-11dd4f3a024f/", }, ], source: { advisory: "SVD-2024-1002", }, title: "Low-privileged user could run search as nobody in SplunkDeploymentServerConfig app", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-45732", datePublished: "2024-10-14T17:03:35.668Z", dateReserved: "2024-09-05T21:35:21.290Z", dateUpdated: "2025-02-28T11:03:50.807Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-32708 (GCVE-0-2023-32708)
Vulnerability from cvelistv5
Published
2023-06-01 16:34
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the ‘rest’ SPL command that lets them potentially access other REST endpoints in the system arbitrarily.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 8.1 < 8.1.14 Version: 8.2 < 8.2.11 Version: 9.0 < 9.0.5 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:36.584Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0603", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/e615a0e1-a1b2-4196-9865-8aa646e1708c/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.14", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.11", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.5", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2303.100", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Danylo Dmytriiev (DDV_UA)", }, ], datePublic: "2023-06-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the ‘rest’ SPL command that lets them potentially access other REST endpoints in the system arbitrarily.", }, ], value: "In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the ‘rest’ SPL command that lets them potentially access other REST endpoints in the system arbitrarily.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-113", description: "The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:58.212Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0603", }, { url: "https://research.splunk.com/application/e615a0e1-a1b2-4196-9865-8aa646e1708c/", }, ], source: { advisory: "SVD-2023-0603", }, title: "HTTP Response Splitting via the ‘rest’ SPL Command", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-32708", datePublished: "2023-06-01T16:34:27.126Z", dateReserved: "2023-05-11T20:55:59.871Z", dateUpdated: "2025-02-28T11:03:58.212Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-22938 (GCVE-0-2023-22938)
Vulnerability from cvelistv5
Published
2023-02-14 17:24
Modified
2025-03-19 18:53
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 8.1 < 8.1.13 Version: 8.2 < 8.2.10 Version: 9.0 < 9.0.4 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.381Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0208", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-22938", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-19T18:52:55.146561Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-19T18:53:03.165Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.13", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.10", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.4", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2212", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "James Ervin, Splunk", }, ], datePublic: "2023-02-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance.", }, ], value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance.", }, ], metrics: [ { cvssV3_1: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:51.816Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0208", }, ], source: { advisory: "SVD-2023-0208", }, title: "Permissions Validation Failure in the ‘sendemail’ REST API Endpoint in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-22938", datePublished: "2023-02-14T17:24:46.893Z", dateReserved: "2023-01-10T21:39:55.584Z", dateUpdated: "2025-03-19T18:53:03.165Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-40593 (GCVE-0-2023-40593)
Vulnerability from cvelistv5
Published
2023-08-30 16:19
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 8.2 < 8.2.12 Version: 9.0 < 9.0.6 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:38:50.977Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0802", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/8e8a86d5-f323-4567-95be-8e817e2baee6/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.2.12", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.6", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud", vendor: "Splunk", versions: [ { lessThan: "9.0.2205", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Aaron Devaney (Dodekeract)", }, ], datePublic: "2023-08-30T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon.", }, ], value: "In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon.", }, ], metrics: [ { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "The software does not properly control the allocation and maintenance of a limited resource thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:56.605Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0802", }, { url: "https://research.splunk.com/application/8e8a86d5-f323-4567-95be-8e817e2baee6/", }, ], source: { advisory: "SVD-2023-0802", }, title: "Denial of Service (DoS) in Splunk Enterprise Using a Malformed SAML Request", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-40593", datePublished: "2023-08-30T16:19:41.308Z", dateReserved: "2023-08-16T22:07:52.838Z", dateUpdated: "2025-02-28T11:03:56.605Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-22934 (GCVE-0-2023-22934)
Vulnerability from cvelistv5
Published
2023-02-14 17:22
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user to initiate a request within their browser.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 8.1 < 8.1.13 Version: 8.2 < 8.2.10 Version: 9.0 < 9.0.4 |
||||||
|
|||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:splunk:splunk:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "splunk", vendor: "splunk", versions: [ { lessThan: "8.1.13", status: "affected", version: "8.1", versionType: "semver", }, { lessThan: "8.2.10", status: "affected", version: "8.2", versionType: "semver", }, { lessThan: "9.0.4", status: "affected", version: "9.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:splunk:splunk_cloud_platform:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "splunk_cloud_platform", vendor: "splunk", versions: [ { lessThan: "9.0.2209.3", status: "affected", version: "-", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-22934", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-02-13T20:46:42.856991Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-18T18:36:23.394Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.425Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0204", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.13", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.10", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.4", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2209.3", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Anton (therceman)", }, ], datePublic: "2023-02-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user to initiate a request within their browser.", }, ], value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user to initiate a request within their browser.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:58.707Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0204", }, { url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd", }, ], source: { advisory: "SVD-2023-0204", }, title: "SPL Command Safeguards Bypass via the ‘pivot’ SPL Command in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-22934", datePublished: "2023-02-14T17:22:35.427Z", dateReserved: "2023-01-10T21:39:55.583Z", dateUpdated: "2025-02-28T11:03:58.707Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-53245 (GCVE-0-2024-53245)
Vulnerability from cvelistv5
Published
2024-12-10 18:00
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 9.2 < 9.2.4 Version: 9.1 < 9.1.7 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-53245", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-10T20:39:39.289128Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-10T21:14:03.947Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.2.4", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.7", status: "affected", version: "9.1", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.1.2312.206", status: "affected", version: "9.1.2312", versionType: "custom", }, ], }, ], datePublic: "2024-12-10T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard.", }, ], value: "In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:55.614Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-1203", }, ], source: { advisory: "SVD-2024-1203", }, title: "Information Disclosure due to Username Collision with a Role that has the same Name as the User", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-53245", datePublished: "2024-12-10T18:00:33.254Z", dateReserved: "2024-11-19T18:30:28.773Z", dateUpdated: "2025-02-28T11:03:55.614Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-36993 (GCVE-0-2024-36993)
Vulnerability from cvelistv5
Published
2024-07-01 16:54
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 9.2 < 9.2.2 Version: 9.1 < 9.1.5 Version: 9.0 < 9.0.10 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-36993", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-03T14:26:09.747401Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-03T15:44:23.469Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:43:50.602Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0713", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/fd852b27-1882-4505-9f2c-64dfb96f4fc1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.2.2", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.5", status: "affected", version: "9.1", versionType: "custom", }, { lessThan: "9.0.10", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.1.2312.200", status: "affected", version: "9.1.2312", versionType: "custom", }, { lessThan: "9.1.2308.207", status: "affected", version: "9.1.2308", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Anton (therceman)", }, ], datePublic: "2024-07-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user.", }, ], value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:40.785Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-0713", }, { url: "https://research.splunk.com/application/fd852b27-1882-4505-9f2c-64dfb96f4fc1", }, ], source: { advisory: "SVD-2024-0713", }, title: "Persistent Cross-site Scripting (XSS) in Web Bulletin", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-36993", datePublished: "2024-07-01T16:54:35.379Z", dateReserved: "2024-05-30T16:36:21.002Z", dateUpdated: "2025-02-28T11:03:40.785Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-32709 (GCVE-0-2023-32709)
Vulnerability from cvelistv5
Published
2023-06-01 16:34
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 8.1 < 8.1.14 Version: 8.2 < 8.2.11 Version: 9.0 < 9.0.5 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:37.020Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0604", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/a1be424d-e59c-4583-b6f9-2dcc23be4875/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-32709", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-08T21:01:02.556322Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-08T21:01:15.599Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.14", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.11", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.5", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2303.100", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Anton (therceman)", }, ], datePublic: "2023-06-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint.", }, ], value: "In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint.", }, ], metrics: [ { cvssV3_1: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:52.521Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0604", }, { url: "https://research.splunk.com/application/a1be424d-e59c-4583-b6f9-2dcc23be4875/", }, ], source: { advisory: "SVD-2023-0604", }, title: "Low-privileged User can View Hashed Default Splunk Password", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-32709", datePublished: "2023-06-01T16:34:30.933Z", dateReserved: "2023-05-11T20:55:59.871Z", dateUpdated: "2025-02-28T11:03:52.521Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-40595 (GCVE-0-2023-40595)
Vulnerability from cvelistv5
Published
2023-08-30 16:19
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 8.2 < 8.2.12 Version: 9.0 < 9.0.6 Version: 9.1 < 9.1.1 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:38:50.989Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0804", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/d1d8fda6-874a-400f-82cf-dcbb59d8e4db/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.2.12", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.6", status: "affected", version: "9.0", versionType: "custom", }, { lessThan: "9.1.1", status: "affected", version: "9.1", versionType: "custom", }, ], }, { product: "Splunk Cloud", vendor: "Splunk", versions: [ { lessThan: "9.0.2305.200", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Danylo Dmytriiev (DDV_UA)", }, ], datePublic: "2023-08-30T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code.", }, ], value: "In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code.", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:49.175Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0804", }, { url: "https://research.splunk.com/application/d1d8fda6-874a-400f-82cf-dcbb59d8e4db/", }, ], source: { advisory: "SVD-2023-0804", }, title: "Remote Code Execution via Serialized Session Payload", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-40595", datePublished: "2023-08-30T16:19:29.761Z", dateReserved: "2023-08-16T22:07:52.838Z", dateUpdated: "2025-02-28T11:03:49.175Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-22939 (GCVE-0-2023-22939)
Vulnerability from cvelistv5
Published
2023-02-14 17:24
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 8.1 < 8.1.13 Version: 8.2 < 8.2.10 Version: 9.0 < 9.0.4 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.457Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0209", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-22939", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-27T18:25:52.800078Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-27T18:26:08.101Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.13", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.10", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.4", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2209.3", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Klevis Luli, Splunk", }, ], datePublic: "2023-02-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.", }, ], value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.", }, ], metrics: [ { cvssV3_1: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:47.779Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0209", }, { url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd", }, ], source: { advisory: "SVD-2023-0209", }, title: "SPL Command Safeguards Bypass via the ‘map’ SPL Command in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-22939", datePublished: "2023-02-14T17:24:47.539Z", dateReserved: "2023-01-10T21:39:55.584Z", dateUpdated: "2025-02-28T11:03:47.779Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-43569 (GCVE-0-2022-43569)
Vulnerability from cvelistv5
Published
2022-11-04 22:22
Modified
2024-08-03 13:32
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 8.1 < 8.1.12 Version: 8.2 < 8.2.9 Version: 9.0 < 9.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:32:59.647Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1109.html", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/062bff76-5f9c-496e-a386-cb1adcf69871/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.12", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.9", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.2", status: "affected", version: "9.0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Danylo Dmytriiev (DDV_UA)", }, ], datePublic: "2022-11-02T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model.</span><br>", }, ], value: "In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model.\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-04T22:22:31.895Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1109.html", }, { url: "https://research.splunk.com/application/062bff76-5f9c-496e-a386-cb1adcf69871/", }, ], source: { advisory: "SVD-2022-1109", discovery: "EXTERNAL", }, title: "Persistent Cross-Site Scripting via a Data Model object name in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2022-43569", datePublished: "2022-11-04T22:22:31.895Z", dateReserved: "2022-10-20T18:37:09.182Z", dateUpdated: "2024-08-03T13:32:59.647Z", requesterUserId: "d03a2723-f9e2-46d2-8173-16ee7d33f715", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-22936 (GCVE-0-2023-22936)
Vulnerability from cvelistv5
Published
2023-02-14 17:22
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within the environment.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 8.1 < 8.1.13 Version: 8.2 < 8.2.10 Version: 9.0 < 9.0.4 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.429Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0206", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.13", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.10", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.4", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2209.3", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Danylo Dmytriiev (DDV_UA)", }, ], datePublic: "2023-02-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within the environment.", }, ], value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within the environment.", }, ], metrics: [ { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-918", description: "The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:49.899Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0206", }, { url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd", }, ], source: { advisory: "SVD-2023-0206", }, title: "Authenticated Blind Server Side Request Forgery via the ‘search_listener’ Search Parameter in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-22936", datePublished: "2023-02-14T17:22:38.050Z", dateReserved: "2023-01-10T21:39:55.583Z", dateUpdated: "2025-02-28T11:03:49.899Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-32707 (GCVE-0-2023-32707)
Vulnerability from cvelistv5
Published
2023-06-01 16:34
Modified
2025-03-11 15:02
Severity ?
EPSS score ?
Summary
In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 8.1 < 8.1.14 Version: 8.2 < 8.2.11 Version: 9.0 < 9.0.5 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:37.042Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0602", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/39e1c326-67d7-4c0d-8584-8056354f6593/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-32707", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-06T15:27:23.298660Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T15:02:44.575Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.14", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.11", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.5", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2303.100", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Mr Hack (try_to_hack) Santiago Lopez", }, ], datePublic: "2023-06-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.", }, ], value: "In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:56.837Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0602", }, { url: "https://research.splunk.com/application/39e1c326-67d7-4c0d-8584-8056354f6593/", }, ], source: { advisory: "SVD-2023-0602", }, title: "‘edit_user’ Capability Privilege Escalation", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-32707", datePublished: "2023-06-01T16:34:30.607Z", dateReserved: "2023-05-11T20:55:59.871Z", dateUpdated: "2025-03-11T15:02:44.575Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-45735 (GCVE-0-2024-45735)
Vulnerability from cvelistv5
Published
2024-10-14 16:45
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway App.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 9.2 < 9.2.3 Version: 9.1 < 9.1.6 |
||||||
|
|||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:splunk:splunk_enterprise:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "splunk_enterprise", vendor: "splunk", versions: [ { lessThan: "9.2.3", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.6", status: "affected", version: "9.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:splunk:splunk_secure_gateway:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "splunk_secure_gateway", vendor: "splunk", versions: [ { lessThan: "3.6.17", status: "affected", version: "3.6", versionType: "custom", }, { lessThan: "3.4.259", status: "affected", version: "3.4", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45735", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T19:22:41.212370Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-08T22:27:41.914Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.2.3", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.6", status: "affected", version: "9.1", versionType: "custom", }, ], }, { product: "Splunk Secure Gateway", vendor: "Splunk", versions: [ { lessThan: "3.6.17", status: "affected", version: "3.6", versionType: "custom", }, { lessThan: "3.4.259", status: "affected", version: "3.4", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Gabriel Nitu, Splunk", }, ], datePublic: "2024-10-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles can see App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway App.", }, ], value: "In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles can see App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway App.", }, ], metrics: [ { cvssV3_1: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:52.049Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-1005", }, { url: "https://research.splunk.com/application/0a3d6035-7bef-4dfa-b01e-84349edac3b4/", }, ], source: { advisory: "SVD-2024-1005", }, title: "Improper Access Control for low-privileged user in Splunk Secure Gateway App", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-45735", datePublished: "2024-10-14T16:45:54.667Z", dateReserved: "2024-09-05T21:35:21.290Z", dateUpdated: "2025-02-28T11:03:52.049Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-45740 (GCVE-0-2024-45740)
Vulnerability from cvelistv5
Published
2024-10-14 17:03
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript code in the browser of a user.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 9.2 < 9.2.3 Version: 9.1 < 9.1.6 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-45740", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T17:37:44.276401Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-15T17:37:53.294Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.2.3", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.6", status: "affected", version: "9.1", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.2.2403.100", status: "affected", version: "9.2.2403", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Danylo Dmytriiev (DDV_UA)", }, ], datePublic: "2024-10-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript code in the browser of a user.", }, ], value: "In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript code in the browser of a user.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:58.462Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-1010", }, { url: "https://research.splunk.com/application/d4f55f7c-6518-4122-a197-951fe0f21b25/", }, ], source: { advisory: "SVD-2024-1010", }, title: "Persistent Cross-Site Scripting (XSS) through Scheduled Views on Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-45740", datePublished: "2024-10-14T17:03:29.360Z", dateReserved: "2024-09-05T21:35:21.291Z", dateUpdated: "2025-02-28T11:03:58.462Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-45736 (GCVE-0-2024-45736)
Vulnerability from cvelistv5
Published
2024-10-14 17:03
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly formatted "INGEST_EVAL" parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd).
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 9.3 < 9.3.1 Version: 9.2 < 9.2.3 Version: 9.1 < 9.1.6 |
||||||
|
|||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:splunk:splunk_enterprise:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "splunk_enterprise", vendor: "splunk", versions: [ { lessThan: "9.3.1", status: "affected", version: "9.3", versionType: "custom", }, { lessThan: "9.2.3", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.6", status: "affected", version: "9.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "splunk_cloud_platform", vendor: "splunk", versions: [ { lessThan: "9.2.2403.107", status: "affected", version: "9.2.2403", versionType: "custom", }, { lessThan: "9.1.2312.204", status: "affected", version: "9.1.2312", versionType: "custom", }, { lessThan: "9.1.2312.111", status: "affected", version: "9.1.2312", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45736", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T16:36:03.459233Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-15T16:40:23.384Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.3.1", status: "affected", version: "9.3", versionType: "custom", }, { lessThan: "9.2.3", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.6", status: "affected", version: "9.1", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.2.2403.107", status: "affected", version: "9.2.2403", versionType: "custom", }, { lessThan: "9.1.2312.204", status: "affected", version: "9.1.2312", versionType: "custom", }, { lessThan: "9.1.2312.111", status: "affected", version: "9.1.2312", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Danylo Dmytriiev (DDV_UA)", }, ], datePublic: "2024-10-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a search query with an improperly formatted \"INGEST_EVAL\" parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd).", }, ], value: "In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a search query with an improperly formatted \"INGEST_EVAL\" parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd).", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "The software does not properly control the allocation and maintenance of a limited resource thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:54.861Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-1006", }, { url: "https://research.splunk.com/application/08978eca-caff-44c1-84dc-53f17def4e14/", }, ], source: { advisory: "SVD-2024-1006", }, title: "Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-45736", datePublished: "2024-10-14T17:03:34.828Z", dateReserved: "2024-09-05T21:35:21.290Z", dateUpdated: "2025-02-28T11:03:54.861Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-36992 (GCVE-0-2024-36992)
Vulnerability from cvelistv5
Published
2024-07-01 16:30
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user. The “url” parameter of the Dashboard element does not have proper input validation to reject invalid URLs, which could lead to a Persistent Cross-site Scripting (XSS) exploit.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 9.2 < 9.2.2 Version: 9.1 < 9.1.5 Version: 9.0 < 9.0.10 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-36992", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-01T20:51:04.772976Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-09T21:36:57.174Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:43:50.532Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0712", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.2.2", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.5", status: "affected", version: "9.1", versionType: "custom", }, { lessThan: "9.0.10", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.1.2312.200", status: "affected", version: "9.1.2312", versionType: "custom", }, { lessThan: "9.1.2308.207", status: "affected", version: "9.1.2308", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Anton (therceman)", }, ], datePublic: "2024-07-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user. The “url” parameter of the Dashboard element does not have proper input validation to reject invalid URLs, which could lead to a Persistent Cross-site Scripting (XSS) exploit.", }, ], value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user. The “url” parameter of the Dashboard element does not have proper input validation to reject invalid URLs, which could lead to a Persistent Cross-site Scripting (XSS) exploit.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:53.510Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-0712", }, ], source: { advisory: "SVD-2024-0712", }, title: "Persistent Cross-site Scripting (XSS) in Dashboard Elements", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-36992", datePublished: "2024-07-01T16:30:51.507Z", dateReserved: "2024-05-30T16:36:21.001Z", dateUpdated: "2025-02-28T11:03:53.510Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-32717 (GCVE-0-2023-32717)
Vulnerability from cvelistv5
Published
2023-06-01 16:34
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 8.1 < 8.1.14 Version: 8.2 < 8.2.11 Version: 9.0 < 9.0.5 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:36.651Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0612", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/bbe26f95-1655-471d-8abd-3d32fafa86f8/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.14", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.11", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.5", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2303.100", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Scott Calvert, Splunk", }, ], datePublic: "2023-06-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job.", }, ], value: "On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job.", }, ], metrics: [ { cvssV3_1: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:51.073Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0612", }, { url: "https://research.splunk.com/application/bbe26f95-1655-471d-8abd-3d32fafa86f8/", }, ], source: { advisory: "SVD-2023-0612", }, title: "Role-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-32717", datePublished: "2023-06-01T16:34:28.464Z", dateReserved: "2023-05-11T20:55:59.872Z", dateUpdated: "2025-02-28T11:03:51.073Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-36990 (GCVE-0-2024-36990)
Vulnerability from cvelistv5
Published
2024-07-01 16:30
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST request to the datamodel/web REST endpoint in Splunk Enterprise, potentially causing a denial of service.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 9.2 < 9.2.2 Version: 9.1 < 9.1.5 Version: 9.0 < 9.0.10 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-36990", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-03T14:22:35.192684Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-03T15:44:40.147Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:43:50.595Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0710", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/45766810-dbb2-44d4-b889-b4ba3ee0d1f5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.2.2", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.5", status: "affected", version: "9.1", versionType: "custom", }, { lessThan: "9.0.10", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.1.2312.202", status: "affected", version: "9.1.2312", versionType: "custom", }, { lessThan: "9.1.2312.109", status: "affected", version: "9.1.2312", versionType: "custom", }, { lessThan: "9.1.2308.209", status: "affected", version: "9.1.2308", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Anton (therceman)", }, ], datePublic: "2024-07-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST request to the datamodel/web REST endpoint in Splunk Enterprise, potentially causing a denial of service.", }, ], value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST request to the datamodel/web REST endpoint in Splunk Enterprise, potentially causing a denial of service.", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-835", description: "The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:44.950Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-0710", }, { url: "https://research.splunk.com/application/45766810-dbb2-44d4-b889-b4ba3ee0d1f5", }, ], source: { advisory: "SVD-2024-0710", }, title: "Denial of Service (DoS) on the datamodel/web REST endpoint", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-36990", datePublished: "2024-07-01T16:30:57.995Z", dateReserved: "2024-05-30T16:36:21.001Z", dateUpdated: "2025-02-28T11:03:44.950Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-40594 (GCVE-0-2023-40594)
Vulnerability from cvelistv5
Published
2023-08-30 16:19
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Splunk | Splunk Enterprise |
Version: 8.2 < 8.2.12 Version: 9.0 < 9.0.6 Version: 9.1 < 9.1.1 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:38:50.464Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0803", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/78b48d08-075c-4eac-bd07-e364c3780867/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-40594", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-08T13:06:09.286043Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-03T19:41:36.393Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.2.12", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.6", status: "affected", version: "9.0", versionType: "custom", }, { lessThan: "9.1.1", status: "affected", version: "9.1", versionType: "custom", }, ], }, { product: "Splunk Cloud", vendor: "Splunk", versions: [ { lessThan: "9.0.2303.100", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Danylo Dmytriiev (DDV_UA)", }, ], datePublic: "2023-08-30T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance.", }, ], value: "In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance.", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "The software does not properly control the allocation and maintenance of a limited resource thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:47.517Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0803", }, { url: "https://research.splunk.com/application/78b48d08-075c-4eac-bd07-e364c3780867/", }, ], source: { advisory: "SVD-2023-0803", }, title: "Denial of Service (DoS) via the ‘printf’ Search Function", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-40594", datePublished: "2023-08-30T16:19:40.677Z", dateReserved: "2023-08-16T22:07:52.838Z", dateUpdated: "2025-02-28T11:03:47.517Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2023-06-01 17:15
Modified
2024-11-21 08:03
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "285DAAE6-0931-41DA-A64A-25ED6A3BE2C5", versionEndExcluding: "8.1.14", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "E924894C-6C74-4F3B-B8FC-B3FDA0F487F3", versionEndExcluding: "8.2.11", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "4FF90BE2-6E2E-41F7-A77E-7547CBDD8596", versionEndExcluding: "9.0.5", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "97F2BD15-F25B-488B-B2AC-AD33239B4A27", versionEndExcluding: "9.0.2303.100", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint.", }, ], id: "CVE-2023-32709", lastModified: "2024-11-21T08:03:53.537", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-06-01T17:15:10.227", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0604", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/a1be424d-e59c-4583-b6f9-2dcc23be4875/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0604", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/a1be424d-e59c-4583-b6f9-2dcc23be4875/", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-285", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-01 17:15
Modified
2024-11-21 09:22
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View and Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| splunk | splunk | * | |
| splunk | splunk | * | |
| splunk | splunk | * | |
| splunk | splunk_cloud_platform | * | |
| splunk | splunk_cloud_platform | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "09264EE5-FA8A-49C5-AB1F-AEAC16CDC591", versionEndExcluding: "9.0.10", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "565039EE-74F6-451C-AFB3-F6C9F7AA0EEE", versionEndExcluding: "9.1.5", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "B1342052-4733-49BB-95F0-A89B07A3F2E3", versionEndExcluding: "9.2.2", versionStartIncluding: "9.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "EB94FF10-C6C8-44AD-B2F7-F22EE03FAD60", versionEndIncluding: "9.1.2308.207", versionStartIncluding: "9.1.2308", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "7783EE7D-586D-4245-9B62-204240F5B6A3", versionEndExcluding: "9.1.2312.200", versionStartIncluding: "9.1.2312", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View and Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user.", }, { lang: "es", value: "En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.200 y 9.1.2308.207, un usuario con pocos privilegios que no tenga las funciones de administrador o poder de Splunk podría crear un payload malicioso a través de una vista y mensajes de boletines web de Splunk que podrían resultar en la ejecución de código JavaScript no autorizado en el navegador de un usuario.", }, ], id: "CVE-2024-36994", lastModified: "2024-11-21T09:22:59.757", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-07-01T17:15:08.500", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0714", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/b0a67520-ae82-4cf6-b04e-9f6cce56830d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0714", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/b0a67520-ae82-4cf6-b04e-9f6cce56830d", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-14 18:15
Modified
2024-11-21 07:45
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within the environment.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "24C628AD-CF89-4FD5-B58F-38D150D2F535", versionEndExcluding: "8.1.13", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "4B2A60A4-55C6-4C11-B86D-452CC43D85FF", versionEndExcluding: "8.2.10", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "39FFDC8F-FC45-41E7-8353-D09AAE26F50F", versionEndExcluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "8AF379C7-8910-4C30-882A-4CE9F9C9992C", versionEndExcluding: "9.0.2209.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within the environment.", }, ], id: "CVE-2023-22936", lastModified: "2024-11-21T07:45:40.567", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-14T18:15:12.460", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0206", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0206", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-918", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-918", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-14 18:15
Modified
2024-11-21 07:45
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Summary
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances with Splunk Web enabled.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "24C628AD-CF89-4FD5-B58F-38D150D2F535", versionEndExcluding: "8.1.13", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "4B2A60A4-55C6-4C11-B86D-452CC43D85FF", versionEndExcluding: "8.2.10", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "39FFDC8F-FC45-41E7-8353-D09AAE26F50F", versionEndExcluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "8AF379C7-8910-4C30-882A-4CE9F9C9992C", versionEndExcluding: "9.0.2209.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances with Splunk Web enabled.", }, ], id: "CVE-2023-22940", lastModified: "2024-11-21T07:45:41.120", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 4.2, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-14T18:15:12.760", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0210", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0210", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-04 23:15
Modified
2024-11-21 07:26
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View allows for a Reflected Cross Site Scripting via JavaScript Object Notation (JSON) in a query parameter when output_mode=radio.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "697F9803-FC99-4149-A4E5-55A3A8CB1D18", versionEndExcluding: "8.1.12", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "07617B0C-3704-4DB5-B416-94B77A5C2EEE", versionEndExcluding: "8.2.9", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "867EFF29-96B9-44EF-93CE-8E7DB77B086E", versionEndExcluding: "9.0.2", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "8E99A24B-2F6D-4688-BAFA-8E40A5954875", versionEndExcluding: "9.0.2205", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View allows for a Reflected Cross Site Scripting via JavaScript Object Notation (JSON) in a query parameter when output_mode=radio.\n", }, { lang: "es", value: "En las versiones de Splunk Enterprise anteriores a 8.1.12, 8.2.9 y 9.0.2, una vista permite un Reflect Cross Site Scripting a través de JavaScript Object Notation (JSON) en un parámetro de consulta cuando output_mode=radio.", }, ], id: "CVE-2022-43568", lastModified: "2024-11-21T07:26:48.200", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-04T23:15:10.210", references: [ { source: "prodsec@splunk.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://research.splunk.com/application/d532d105-c63f-4049-a8c4-e249127ca425/", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1108.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://research.splunk.com/application/d532d105-c63f-4049-a8c4-e249127ca425/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1108.html", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-30 17:15
Modified
2024-11-21 08:19
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "21F6F824-393F-424F-85DF-CD3FCB40452F", versionEndExcluding: "8.2.12", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "74A23E71-6A34-48A5-8087-B626BED870E0", versionEndExcluding: "9.0.6", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:9.1.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "A4F2BC82-AD4C-4D80-8200-C2371E7C04F1", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "A2A0FF7F-1171-42D4-A27B-689541F4BC32", versionEndIncluding: "9.0.2305.100", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.", }, ], id: "CVE-2023-40597", lastModified: "2024-11-21T08:19:47.677", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.1, impactScore: 6, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-30T17:15:10.180", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0806", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/356bd3fe-f59b-4f64-baa1-51495411b7ad/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0806", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/356bd3fe-f59b-4f64-baa1-51495411b7ad/", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-36", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-14 17:15
Modified
2024-10-16 22:19
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly formatted "INGEST_EVAL" parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| splunk | splunk | * | |
| splunk | splunk | * | |
| splunk | splunk | 9.3.0 | |
| splunk | splunk_cloud_platform | * | |
| splunk | splunk_cloud_platform | * | |
| splunk | splunk_cloud_platform | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "FB935ACC-3899-47DE-B4C0-CB94CAC79AC2", versionEndExcluding: "9.1.6", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "14D07F5E-504B-447B-988B-BF6ADA59F8D1", versionEndExcluding: "9.2.3", versionStartIncluding: "9.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:9.3.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "11F038B4-1335-4F4E-9013-E6D6152DCD20", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "15F34E1D-7623-4A3F-A67E-01A11615DD27", versionEndExcluding: "9.1.2312.111", versionStartIncluding: "9.1.2312", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "1A5FE71F-0F59-4553-9480-AFA1CED9255E", versionEndExcluding: "9.1.2312.204", versionStartIncluding: "9.1.2312.200", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "CCE7C5DF-BC89-4789-94DA-5F8D2D86C7DE", versionEndExcluding: "9.2.2403.107", versionStartIncluding: "9.2.2403.100", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a search query with an improperly formatted \"INGEST_EVAL\" parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd).", }, { lang: "es", value: "En las versiones de Splunk Enterprise anteriores a 9.3.1, 9.2.3 y 9.1.6 y en las versiones de Splunk Cloud Platform anteriores a 9.2.2403.107, 9.1.2312.204 y 9.1.2312.111, un usuario con privilegios bajos que no tenga los roles de \"administrador\" o \"poder\" de Splunk podría crear una consulta de búsqueda con un parámetro \"INGEST_EVAL\" con formato incorrecto como parte de una [Transformación de campo](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) que podría bloquear el daemon de Splunk (splunkd).", }, ], id: "CVE-2024-45736", lastModified: "2024-10-16T22:19:44.507", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-10-14T17:15:12.253", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2024-1006", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/08978eca-caff-44c1-84dc-53f17def4e14/", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-12-10 18:15
Modified
2025-03-10 16:41
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, such as a Risky Commands Bypass, for successful exploitation.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| prodsec@splunk.com | https://advisory.splunk.com/advisories/SVD-2024-1204 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| splunk | splunk | * | |
| splunk | splunk | * | |
| splunk | splunk | * | |
| splunk | splunk_cloud_platform | * | |
| splunk | splunk_cloud_platform | * | |
| splunk | splunk_cloud_platform | * | |
| splunk | splunk_cloud_platform | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "6653C37D-03C0-47C1-BC9C-510EBB0CB4BE", versionEndExcluding: "9.1.7", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "E31DE8DF-1AAD-4570-93E3-711C07FE1227", versionEndExcluding: "9.2.4", versionStartIncluding: "9.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "A709D871-A35B-4CF2-A9D7-23CE29D0A8C6", versionEndExcluding: "9.3.2", versionStartIncluding: "9.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "C0338CF9-1AC9-4F45-9A68-06172C6B36A1", versionEndExcluding: "9.1.2312.206", versionStartIncluding: "9.1.2312", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "4A95FCF8-8741-4577-8A0D-BDE7DCC1B720", versionEndExcluding: "9.2.2403.111", versionStartIncluding: "9.2.2403", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "62C1B5C7-2523-464D-9114-5C9F07AAEE9F", versionEndExcluding: "9.2.2406.106", versionStartIncluding: "9.2.2406", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "9AF2CBAC-EF5D-4E0A-8B8D-900583D44876", versionEndExcluding: "9.3.2408.101", versionStartIncluding: "9.3.2408", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, such as a Risky Commands Bypass, for successful exploitation.", }, { lang: "es", value: "En las versiones de Splunk Enterprise anteriores a 9.3.2, 9.2.4 y 9.1.7 y en las versiones de Splunk Cloud Platform anteriores a 9.3.2408.101, 9.2.2406.106, 9.2.2403.111 y 9.1.2312.206, un comando SPL puede revelar información confidencial. La vulnerabilidad requiere la explotación de otra vulnerabilidad, como Risky Commands Bypass, para una explotación exitosa.", }, ], id: "CVE-2024-53246", lastModified: "2025-03-10T16:41:47.730", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-12-10T18:15:41.553", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2024-1204", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-319", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-319", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-01 17:15
Modified
2025-03-07 17:20
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "09264EE5-FA8A-49C5-AB1F-AEAC16CDC591", versionEndExcluding: "9.0.10", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "565039EE-74F6-451C-AFB3-F6C9F7AA0EEE", versionEndExcluding: "9.1.5", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "B1342052-4733-49BB-95F0-A89B07A3F2E3", versionEndExcluding: "9.2.2", versionStartIncluding: "9.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "6F3B2826-B4B5-4A28-9E8E-0159803CC851", versionEndExcluding: "9.1.2312.100", versionStartIncluding: "9.1.2312", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit.", }, { lang: "es", value: "En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312, un usuario administrador podría almacenar y ejecutar código JavaScript arbitrario en el contexto del navegador de otro usuario de Splunk a través de conf-web/settings endpoint REST. Potencialmente, esto podría provocar un exploit de cross-site scripting (XSS) persistente.", }, ], id: "CVE-2024-36997", lastModified: "2025-03-07T17:20:49.303", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 5.8, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 5.8, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-07-01T17:15:09.143", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0717", }, { source: "prodsec@splunk.com", tags: [ "Tool Signature", ], url: "https://research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0717", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Tool Signature", ], url: "https://research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5c", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-04 23:15
Modified
2024-11-21 07:26
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted search macros.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "697F9803-FC99-4149-A4E5-55A3A8CB1D18", versionEndExcluding: "8.1.12", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "07617B0C-3704-4DB5-B416-94B77A5C2EEE", versionEndExcluding: "8.2.9", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "8E99A24B-2F6D-4688-BAFA-8E40A5954875", versionEndExcluding: "9.0.2205", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted search macros.", }, { lang: "es", value: "En las versiones de Splunk Enterprise inferiores a 8.1.12, 8.2.9 y 9.0.2, un usuario remoto que puede crear macros de búsqueda y programar informes de búsqueda puede provocar una denegación de servicio mediante el uso de macros de búsqueda especialmente manipulados.", }, ], id: "CVE-2022-43564", lastModified: "2024-11-21T07:26:47.640", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-04T23:15:09.960", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1104.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1104.html", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-400", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-01 17:15
Modified
2024-11-21 08:03
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "285DAAE6-0931-41DA-A64A-25ED6A3BE2C5", versionEndExcluding: "8.1.14", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "E924894C-6C74-4F3B-B8FC-B3FDA0F487F3", versionEndExcluding: "8.2.11", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "4FF90BE2-6E2E-41F7-A77E-7547CBDD8596", versionEndExcluding: "9.0.5", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "97F2BD15-F25B-488B-B2AC-AD33239B4A27", versionEndExcluding: "9.0.2303.100", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job.", }, ], id: "CVE-2023-32717", lastModified: "2024-11-21T08:03:54.560", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-06-01T17:15:10.687", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0612", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/bbe26f95-1655-471d-8abd-3d32fafa86f8/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0612", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/bbe26f95-1655-471d-8abd-3d32fafa86f8/", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-285", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-14 18:15
Modified
2024-11-21 07:45
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "24C628AD-CF89-4FD5-B58F-38D150D2F535", versionEndExcluding: "8.1.13", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "4B2A60A4-55C6-4C11-B86D-452CC43D85FF", versionEndExcluding: "8.2.10", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "39FFDC8F-FC45-41E7-8353-D09AAE26F50F", versionEndExcluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "8AF379C7-8910-4C30-882A-4CE9F9C9992C", versionEndExcluding: "9.0.2209.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd).", }, ], id: "CVE-2023-22941", lastModified: "2024-11-21T07:45:41.253", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-14T18:15:12.837", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0211", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/08978eca-caff-44c1-84dc-53f17def4e14/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0211", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/08978eca-caff-44c1-84dc-53f17def4e14/", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-248", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-14 17:15
Modified
2024-10-16 22:18
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Summary
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| splunk | splunk | * | |
| splunk | splunk | * | |
| splunk | splunk | 9.3.0 | |
| splunk | splunk_cloud_platform | * | |
| splunk | splunk_cloud_platform | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "FB935ACC-3899-47DE-B4C0-CB94CAC79AC2", versionEndExcluding: "9.1.6", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "14D07F5E-504B-447B-988B-BF6ADA59F8D1", versionEndExcluding: "9.2.3", versionStartIncluding: "9.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:9.3.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "11F038B4-1335-4F4E-9013-E6D6152DCD20", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "C26D2195-4308-4226-BAD2-C3C6C225A604", versionEndExcluding: "9.1.2312.204", versionStartIncluding: "9.1.2312", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "45182C14-B120-4194-B7C0-EA5D298DD8FF", versionEndExcluding: "9.2.2403.108", versionStartIncluding: "9.2.2403.102", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF).", }, { lang: "es", value: "En las versiones de Splunk Enterprise anteriores a 9.3.1, 9.2.3 y 9.1.6 y en las versiones de Splunk Cloud Platform anteriores a 9.2.2403.108 y 9.1.2312.204, un usuario con privilegios bajos que no tenga los roles de \"administrador\" o \"poder\" de Splunk podría cambiar el estado del modo de mantenimiento de App Key Value Store (KVStore) a través de un Cross-Site Request Forgery (CSRF).", }, ], id: "CVE-2024-45737", lastModified: "2024-10-16T22:18:17.003", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-10-14T17:15:12.453", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2024-1007", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/34bac267-a89b-4bd7-a072-a48eef1f15b8/", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-04 23:15
Modified
2024-11-21 07:26
Severity ?
3.0 (Low) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "697F9803-FC99-4149-A4E5-55A3A8CB1D18", versionEndExcluding: "8.1.12", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "07617B0C-3704-4DB5-B416-94B77A5C2EEE", versionEndExcluding: "8.2.9", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "867EFF29-96B9-44EF-93CE-8E7DB77B086E", versionEndExcluding: "9.0.2", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "968C9207-1208-43E0-ABA5-1008BE594FDF", versionEndExcluding: "9.0.2208", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning.\n", }, { lang: "es", value: "En las versiones de Splunk Enterprise inferiores a 8.1.12, 8.2.9 y 9.0.2, Splunk Enterprise no valida ni escapa correctamente el encabezado del Host, lo que podría permitir que un usuario remoto autenticado realice varios ataques contra el sistema, incluidos Cross-Site Scripting y envenenamiento de caché.", }, ], id: "CVE-2022-43562", lastModified: "2024-11-21T07:26:47.353", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.3, impactScore: 1.4, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-04T23:15:09.810", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1102.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1102.html", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-14 18:15
Modified
2024-11-21 07:45
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag’.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "24C628AD-CF89-4FD5-B58F-38D150D2F535", versionEndExcluding: "8.1.13", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "4B2A60A4-55C6-4C11-B86D-452CC43D85FF", versionEndExcluding: "8.2.10", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "39FFDC8F-FC45-41E7-8353-D09AAE26F50F", versionEndExcluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "EC797D87-1EA7-4C9E-BA2E-910408592511", versionEndExcluding: "9.0.2209", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag’.", }, ], id: "CVE-2023-22933", lastModified: "2024-11-21T07:45:40.160", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-14T18:15:12.220", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0203", }, { source: "prodsec@splunk.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://research.splunk.com/application/9ac2bfea-a234-4a18-9d37-6d747e85c2e4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0203", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://research.splunk.com/application/9ac2bfea-a234-4a18-9d37-6d747e85c2e4", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-14 17:15
Modified
2024-10-17 13:14
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript code in the browser of a user.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "FB935ACC-3899-47DE-B4C0-CB94CAC79AC2", versionEndExcluding: "9.1.6", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "14D07F5E-504B-447B-988B-BF6ADA59F8D1", versionEndExcluding: "9.2.3", versionStartIncluding: "9.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "ED0A2EB5-E488-459C-976B-64D9B30F6A15", versionEndExcluding: "9.2.2403.100", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript code in the browser of a user.", }, { lang: "es", value: "En las versiones de Splunk Enterprise anteriores a 9.2.3 y 9.1.6 y en las versiones de Splunk Cloud Platform anteriores a 9.2.2403, un usuario con pocos privilegios que no tenga los roles de \"administrador\" o \"poder\" de Splunk podría crear un payload malicioso a través de Vistas programadas que podría resultar en la ejecución de código JavaScript no autorizado en el navegador de un usuario.", }, ], id: "CVE-2024-45740", lastModified: "2024-10-17T13:14:20.107", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-10-14T17:15:13.047", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2024-1010", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/d4f55f7c-6518-4122-a197-951fe0f21b25/", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-14 17:15
Modified
2024-10-17 13:03
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a search as the "nobody" Splunk user in the SplunkDeploymentServerConfig app. This could let the low-privileged user access potentially restricted data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| splunk | splunk | * | |
| splunk | splunk | 9.3.0 | |
| splunk | splunk_cloud_platform | * | |
| splunk | splunk_cloud_platform | * | |
| splunk | splunk_cloud_platform | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "14D07F5E-504B-447B-988B-BF6ADA59F8D1", versionEndExcluding: "9.2.3", versionStartIncluding: "9.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:9.3.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "11F038B4-1335-4F4E-9013-E6D6152DCD20", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "557AF53F-284F-43D2-9EA1-2E0E628DC303", versionEndExcluding: "9.1.2308.208", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "6DAA9B36-48A2-45BF-97B9-E548E80DF83C", versionEndExcluding: "9.1.2312.110", versionStartIncluding: "9.1.2312.100", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "200953F8-DF1D-4C6C-BE36-0866700A5F55", versionEndExcluding: "9.2.2403.103", versionStartIncluding: "9.2.2403.102", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could run a search as the \"nobody\" Splunk user in the SplunkDeploymentServerConfig app. This could let the low-privileged user access potentially restricted data.", }, { lang: "es", value: "En las versiones de Splunk Enterprise anteriores a 9.3.1, 9.2.0 y 9.2.3, y en las versiones de Splunk Cloud Platform anteriores a 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 y 9.1.2308.208, un usuario con privilegios bajos que no tenga los roles de Splunk \"admin\" o \"power\" podría ejecutar una búsqueda como el usuario de Splunk \"nobody\" en la aplicación SplunkDeploymentServerConfig. Esto podría permitir que el usuario con privilegios bajos acceda a datos potencialmente restringidos.", }, ], id: "CVE-2024-45732", lastModified: "2024-10-17T13:03:52.153", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4.2, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-10-14T17:15:11.410", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2024-1002", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/f765c3fe-c3b6-4afe-a932-11dd4f3a024f/", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-862", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-862", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-30 17:15
Modified
2024-11-21 08:19
Severity ?
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform Instance.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "5BD4C262-6668-45CC-87E5-ED553D2E4822", versionEndExcluding: "8.2.12", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "74A23E71-6A34-48A5-8087-B626BED870E0", versionEndExcluding: "9.0.6", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "81ED9AAF-7EEE-4212-9066-A17E76A75DE0", versionEndExcluding: "9.1.1", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "0FCE348A-6B22-458C-8CBD-4B4DF0096429", versionEndExcluding: "9.0.2305.200", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform Instance.", }, ], id: "CVE-2023-40598", lastModified: "2024-11-21T08:19:47.817", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 6, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-30T17:15:10.267", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0807", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0807", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-306", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-04 23:15
Modified
2024-11-21 07:26
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "697F9803-FC99-4149-A4E5-55A3A8CB1D18", versionEndExcluding: "8.1.12", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "07617B0C-3704-4DB5-B416-94B77A5C2EEE", versionEndExcluding: "8.2.9", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "918AC184-EBFB-4715-BA0F-B848FA9503FF", versionEndExcluding: "9.0.2203", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. \n", }, { lang: "es", value: "En las versiones de Splunk Enterprise inferiores a 8.2.9 y 8.1.12, la forma en que el comando ?tstats maneja la Notación de Objetos JavaScript (JSON) permite a un atacante eludir las protecciones de SPL para comandos con riesgo https://docs.splunk.com/Documentation/SplunkCloud/ último/Security/SPLsafeguards. La vulnerabilidad requiere que el atacante realice phishing a la víctima engañándola para que inicie una solicitud dentro de su navegador.", }, ], id: "CVE-2022-43565", lastModified: "2024-11-21T07:26:47.777", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-04T23:15:10.023", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1105.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1105.html", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-04 23:15
Modified
2024-11-21 07:26
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "697F9803-FC99-4149-A4E5-55A3A8CB1D18", versionEndExcluding: "8.1.12", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "07617B0C-3704-4DB5-B416-94B77A5C2EEE", versionEndExcluding: "8.2.9", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "918AC184-EBFB-4715-BA0F-B848FA9503FF", versionEndExcluding: "9.0.2203", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will.\n", }, { lang: "es", value: "En las versiones de Splunk Enterprise inferiores a 8.2.9 y 8.1.12, la forma en que el comando de búsqueda rex maneja los nombres de los campos permite a un atacante omitir las protecciones de SPL para comandos riesgosos https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/ Salvaguardias SPL. La vulnerabilidad requiere que el atacante realice phishing a la víctima engañándola para que inicie una solicitud dentro de su navegador. El atacante no puede explotar la vulnerabilidad a voluntad.", }, ], id: "CVE-2022-43563", lastModified: "2024-11-21T07:26:47.490", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-04T23:15:09.887", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1103.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1103.html", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-14 17:15
Modified
2024-10-16 22:20
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway App.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| splunk | splunk | * | |
| splunk | splunk | * | |
| splunk | splunk_cloud_platform | * | |
| splunk | splunk_cloud_platform | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "FB935ACC-3899-47DE-B4C0-CB94CAC79AC2", versionEndExcluding: "9.1.6", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "14D07F5E-504B-447B-988B-BF6ADA59F8D1", versionEndExcluding: "9.2.3", versionStartIncluding: "9.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "B3E0B3F3-2B1A-48E7-A82D-829D96E1B40A", versionEndExcluding: "3.4.259", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "F8595E62-8142-4B1C-9DA2-5E8613DAB2A8", versionEndExcluding: "3.6.17", versionStartIncluding: "3.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles can see App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway App.", }, { lang: "es", value: "En las versiones de Splunk Enterprise anteriores a 9.2.3 y 9.1.6, y en las versiones de Splunk Secure Gateway en Splunk Cloud Platform anteriores a 3.4.259, 3.6.17 y 3.7.0, un usuario con privilegios bajos que no tenga los roles de \"administrador\" o \"poder\" de Splunk puede ver la configuración de implementación del Almacén de valores de clave de la aplicación (Almacén KV) y las claves públicas/privadas en la aplicación Splunk Secure Gateway.", }, ], id: "CVE-2024-45735", lastModified: "2024-10-16T22:20:32.630", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-10-14T17:15:12.053", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2024-1005", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/0a3d6035-7bef-4dfa-b01e-84349edac3b4/", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-01 17:15
Modified
2024-11-21 08:03
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the ‘rest’ SPL command that lets them potentially access other REST endpoints in the system arbitrarily.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "285DAAE6-0931-41DA-A64A-25ED6A3BE2C5", versionEndExcluding: "8.1.14", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "E924894C-6C74-4F3B-B8FC-B3FDA0F487F3", versionEndExcluding: "8.2.11", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "4FF90BE2-6E2E-41F7-A77E-7547CBDD8596", versionEndExcluding: "9.0.5", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "97F2BD15-F25B-488B-B2AC-AD33239B4A27", versionEndExcluding: "9.0.2303.100", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the ‘rest’ SPL command that lets them potentially access other REST endpoints in the system arbitrarily.", }, ], id: "CVE-2023-32708", lastModified: "2024-11-21T08:03:53.407", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-06-01T17:15:10.173", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0603", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/e615a0e1-a1b2-4196-9865-8aa646e1708c/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0603", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/e615a0e1-a1b2-4196-9865-8aa646e1708c/", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-113", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-436", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-01 17:15
Modified
2024-11-21 09:22
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST request to the datamodel/web REST endpoint in Splunk Enterprise, potentially causing a denial of service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| splunk | splunk | * | |
| splunk | splunk | * | |
| splunk | splunk | * | |
| splunk | splunk_cloud_platform | * | |
| splunk | splunk_cloud_platform | * | |
| splunk | splunk_cloud_platform | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "09264EE5-FA8A-49C5-AB1F-AEAC16CDC591", versionEndExcluding: "9.0.10", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "565039EE-74F6-451C-AFB3-F6C9F7AA0EEE", versionEndExcluding: "9.1.5", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "B1342052-4733-49BB-95F0-A89B07A3F2E3", versionEndExcluding: "9.2.2", versionStartIncluding: "9.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "DC2C1518-96BD-4223-84C6-7D539556ADA1", versionEndExcluding: "9.1.2308.209", versionStartIncluding: "9.1.2308", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "06F70B7E-9A18-4D2A-9D86-6A62E79951AE", versionEndExcluding: "9.1.2312.109", versionStartIncluding: "9.1.2312.100", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "B4B070D9-7C60-4E25-BD4E-A5FAD4118DD7", versionEndExcluding: "9.1.2312.202", versionStartIncluding: "9.1.2312.200", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST request to the datamodel/web REST endpoint in Splunk Enterprise, potentially causing a denial of service.", }, { lang: "es", value: "En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.2.2403.100, un usuario autenticado y con pocos privilegios que no tenga los roles de administrador o de poder de Splunk podría enviar un mensaje HTTP especialmente manipulado. Solicitud POST al modelo de datos/endpoint REST web en Splunk Enterprise, lo que podría provocar una denegación de servicio.", }, ], id: "CVE-2024-36990", lastModified: "2024-11-21T09:22:59.170", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-07-01T17:15:07.600", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0710", }, { source: "prodsec@splunk.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://research.splunk.com/application/45766810-dbb2-44d4-b889-b4ba3ee0d1f5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0710", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://research.splunk.com/application/45766810-dbb2-44d4-b889-b4ba3ee0d1f5", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-835", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-835", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-14 17:15
Modified
2024-10-17 13:12
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" parameter from the "/manager/search/apps/local" endpoint in Splunk Web calls. This could result in execution of unauthorized JavaScript code in the browser of a user.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| prodsec@splunk.com | https://advisory.splunk.com/advisories/SVD-2024-1011 | Vendor Advisory | |
| prodsec@splunk.com | https://research.splunk.com/application/d7b5aa71-157f-4359-9c34-e35752b1d0a2/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| splunk | splunk | * | |
| splunk | splunk | * | |
| splunk | splunk_cloud_platform | * | |
| splunk | splunk_cloud_platform | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "FB935ACC-3899-47DE-B4C0-CB94CAC79AC2", versionEndExcluding: "9.1.6", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "14D07F5E-504B-447B-988B-BF6ADA59F8D1", versionEndExcluding: "9.2.3", versionStartIncluding: "9.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "E07DAB17-BFEC-4A25-A48D-560709D3DAD9", versionEndExcluding: "9.1.2312.205", versionStartIncluding: "9.1.2312", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "28B82F6A-EF30-4467-9DA1-D27AD96A326E", versionEndExcluding: "9.2.2403.108", versionStartIncluding: "9.2.2403.100", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could create a malicious payload through a custom configuration file that the \"api.uri\" parameter from the \"/manager/search/apps/local\" endpoint in Splunk Web calls. This could result in execution of unauthorized JavaScript code in the browser of a user.", }, { lang: "es", value: "En las versiones de Splunk Enterprise anteriores a 9.2.3 y 9.1.6 y en las versiones de Splunk Cloud Platform anteriores a 9.2.2403.108 y 9.1.2312.205, un usuario con pocos privilegios que no tenga los roles de \"administrador\" o \"poder\" de Splunk podría crear un payload malicioso a través de un archivo de configuración personalizado al que llama el parámetro \"api.uri\" del punto de conexión \"/manager/search/apps/local\" en Splunk Web. Esto podría provocar la ejecución de código JavaScript no autorizado en el navegador de un usuario.", }, ], id: "CVE-2024-45741", lastModified: "2024-10-17T13:12:54.180", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-10-14T17:15:13.250", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2024-1011", }, { source: "prodsec@splunk.com", tags: [ "Third Party Advisory", ], url: "https://research.splunk.com/application/d7b5aa71-157f-4359-9c34-e35752b1d0a2/", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-14 18:15
Modified
2024-11-21 07:45
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| prodsec@splunk.com | https://advisory.splunk.com/advisories/SVD-2023-0208 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://advisory.splunk.com/advisories/SVD-2023-0208 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "24C628AD-CF89-4FD5-B58F-38D150D2F535", versionEndExcluding: "8.1.13", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "4B2A60A4-55C6-4C11-B86D-452CC43D85FF", versionEndExcluding: "8.2.10", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "39FFDC8F-FC45-41E7-8353-D09AAE26F50F", versionEndExcluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "8AF379C7-8910-4C30-882A-4CE9F9C9992C", versionEndExcluding: "9.0.2209.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance.", }, ], id: "CVE-2023-22938", lastModified: "2024-11-21T07:45:40.823", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-14T18:15:12.617", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0208", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0208", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-285", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-06-15 17:15
Modified
2024-11-21 07:05
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| splunk | splunk | * | |
| splunk | splunk_cloud_platform | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "A6CE3B90-F8EF-4DC2-80FF-2B791F152037", versionEndExcluding: "9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "B97CD36E-7ABF-4A2C-B844-D6C5CBBE673E", versionEndExcluding: "8.2.2203", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation.", }, { lang: "es", value: "Los peers de Splunk Enterprise en las versiones de Splunk Enterprise anteriores a la 9.0 y las versiones de Splunk Cloud Platform anteriores a la 8.2.2203 no comprueban los certificados TLS durante las comunicaciones de Splunk a Splunk por defecto. Las comunicaciones entre pares de Splunk configuradas apropiadamente con certificados válidos no eran vulnerables. Sin embargo, un atacante con credenciales de administrador podía añadir un peer sin un certificado válido y las conexiones desde nodos configurados inapropiadamente sin certificados válidos no fallaban por defecto. Para Splunk Enterprise, actualice a versión 9.0 de Splunk Enterprise y configure la comprobación de nombres de host TLS para las comunicaciones entre Splunk (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) para habilitar la corrección", }, ], id: "CVE-2022-32153", lastModified: "2024-11-21T07:05:50.950", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-06-15T17:15:08.950", references: [ { source: "prodsec@splunk.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation", }, { source: "prodsec@splunk.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", }, { source: "prodsec@splunk.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/", }, { source: "prodsec@splunk.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/", }, { source: "prodsec@splunk.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/", }, { source: "prodsec@splunk.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0603.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0603.html", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-297", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-01 17:15
Modified
2024-11-21 09:22
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| splunk | splunk | * | |
| splunk | splunk | * | |
| splunk | splunk | * | |
| splunk | splunk_cloud_platform | * | |
| splunk | splunk_cloud_platform | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "09264EE5-FA8A-49C5-AB1F-AEAC16CDC591", versionEndExcluding: "9.0.10", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "565039EE-74F6-451C-AFB3-F6C9F7AA0EEE", versionEndExcluding: "9.1.5", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "B1342052-4733-49BB-95F0-A89B07A3F2E3", versionEndExcluding: "9.2.2", versionStartIncluding: "9.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "D220E842-2B15-416F-960B-397166883F9F", versionEndExcluding: "9.1.2308.207", versionStartIncluding: "9.1.2308", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "7783EE7D-586D-4245-9B62-204240F5B6A3", versionEndExcluding: "9.1.2312.200", versionStartIncluding: "9.1.2312", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items.", }, { lang: "es", value: "En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.200 y 9.1.2308.207, un usuario con pocos privilegios que no tenga los roles de administrador o poder de Splunk podría crear elementos experimentales.", }, ], id: "CVE-2024-36995", lastModified: "2024-11-21T09:22:59.907", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-07-01T17:15:08.707", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0715", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/84afda04-0cd6-466b-869e-70d6407d0a34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0715", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/84afda04-0cd6-466b-869e-70d6407d0a34", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-862", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-862", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-14 18:15
Modified
2024-11-21 07:45
Severity ?
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user to initiate a request within their browser.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "24C628AD-CF89-4FD5-B58F-38D150D2F535", versionEndExcluding: "8.1.13", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "4B2A60A4-55C6-4C11-B86D-452CC43D85FF", versionEndExcluding: "8.2.10", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "39FFDC8F-FC45-41E7-8353-D09AAE26F50F", versionEndExcluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "8AF379C7-8910-4C30-882A-4CE9F9C9992C", versionEndExcluding: "9.0.2209.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user to initiate a request within their browser.", }, ], id: "CVE-2023-22934", lastModified: "2024-11-21T07:45:40.297", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.2, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-14T18:15:12.297", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0204", }, { source: "prodsec@splunk.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0204", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-03 23:15
Modified
2024-11-21 07:26
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). The vulnerability affects instances with Splunk Web enabled.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| prodsec@splunk.com | https://research.splunk.com/application/a974d1ee-ddca-4837-b6ad-d55a8a239c20/ | Exploit, Technical Description, Vendor Advisory | |
| prodsec@splunk.com | https://www.splunk.com/en_us/product-security/announcements/svd-2022-1101.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://research.splunk.com/application/a974d1ee-ddca-4837-b6ad-d55a8a239c20/ | Exploit, Technical Description, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.splunk.com/en_us/product-security/announcements/svd-2022-1101.html | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "697F9803-FC99-4149-A4E5-55A3A8CB1D18", versionEndExcluding: "8.1.12", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "07617B0C-3704-4DB5-B416-94B77A5C2EEE", versionEndExcluding: "8.2.9", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "867EFF29-96B9-44EF-93CE-8E7DB77B086E", versionEndExcluding: "9.0.2", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "968C9207-1208-43E0-ABA5-1008BE594FDF", versionEndExcluding: "9.0.2208", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). The vulnerability affects instances with Splunk Web enabled.", }, { lang: "es", value: "En las versiones de Splunk Enterprise inferiores a 8.1.12, 8.2.9 y 9.0.2, un usuario remoto que posee el poder del rol Splunk puede almacenar scripts arbitrarios que pueden generar Cross-Site Scripting (XSS) persistentes. La vulnerabilidad afecta a instancias con Splunk Web habilitado.", }, ], id: "CVE-2022-43561", lastModified: "2024-11-21T07:26:47.200", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.5, impactScore: 5.9, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-03T23:15:15.127", references: [ { source: "prodsec@splunk.com", tags: [ "Exploit", "Technical Description", "Vendor Advisory", ], url: "https://research.splunk.com/application/a974d1ee-ddca-4837-b6ad-d55a8a239c20/", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1101.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Technical Description", "Vendor Advisory", ], url: "https://research.splunk.com/application/a974d1ee-ddca-4837-b6ad-d55a8a239c20/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1101.html", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-14 18:15
Modified
2024-11-21 07:45
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "24C628AD-CF89-4FD5-B58F-38D150D2F535", versionEndExcluding: "8.1.13", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "4B2A60A4-55C6-4C11-B86D-452CC43D85FF", versionEndExcluding: "8.2.10", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "B97CD36E-7ABF-4A2C-B844-D6C5CBBE673E", versionEndExcluding: "8.2.2203", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default.", }, ], id: "CVE-2023-22931", lastModified: "2024-11-21T07:45:39.900", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-14T18:15:12.063", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0201", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0201", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-285", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-276", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-30 17:15
Modified
2024-11-21 08:19
Severity ?
8.4 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "21F6F824-393F-424F-85DF-CD3FCB40452F", versionEndExcluding: "8.2.12", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "74A23E71-6A34-48A5-8087-B626BED870E0", versionEndExcluding: "9.0.6", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:9.1.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "A4F2BC82-AD4C-4D80-8200-C2371E7C04F1", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "A2A0FF7F-1171-42D4-A27B-689541F4BC32", versionEndIncluding: "9.0.2305.100", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance.", }, ], id: "CVE-2023-40592", lastModified: "2024-11-21T08:19:46.990", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 6, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-30T17:15:09.763", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0801", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/182f9080-4137-4629-94ac-cb1083ac981a/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0801", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/182f9080-4137-4629-94ac-cb1083ac981a/", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-04 23:15
Modified
2024-11-21 07:26
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "697F9803-FC99-4149-A4E5-55A3A8CB1D18", versionEndExcluding: "8.1.12", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "07617B0C-3704-4DB5-B416-94B77A5C2EEE", versionEndExcluding: "8.2.9", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "867EFF29-96B9-44EF-93CE-8E7DB77B086E", versionEndExcluding: "9.0.2", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "EC797D87-1EA7-4C9E-BA2E-910408592511", versionEndExcluding: "9.0.2209", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model.\n", }, { lang: "es", value: "En las versiones de Splunk Enterprise inferiores a 8.1.12, 8.2.9 y 9.0.2, un usuario autenticado puede inyectar y almacenar secuencias de comandos arbitrarias que pueden generar Cross-Site Scripting (XSS) persistentes en el nombre del objeto de un Modelo de Datos.", }, ], id: "CVE-2022-43569", lastModified: "2024-11-21T07:26:48.340", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-04T23:15:10.270", references: [ { source: "prodsec@splunk.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://research.splunk.com/application/062bff76-5f9c-496e-a386-cb1adcf69871/", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1109.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://research.splunk.com/application/062bff76-5f9c-496e-a386-cb1adcf69871/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1109.html", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-01 17:15
Modified
2024-11-21 09:22
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user. The “url” parameter of the Dashboard element does not have proper input validation to reject invalid URLs, which could lead to a Persistent Cross-site Scripting (XSS) exploit.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| prodsec@splunk.com | https://advisory.splunk.com/advisories/SVD-2024-0712 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://advisory.splunk.com/advisories/SVD-2024-0712 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| splunk | splunk | * | |
| splunk | splunk | * | |
| splunk | splunk | * | |
| splunk | splunk_cloud_platform | * | |
| splunk | splunk_cloud_platform | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "09264EE5-FA8A-49C5-AB1F-AEAC16CDC591", versionEndExcluding: "9.0.10", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "565039EE-74F6-451C-AFB3-F6C9F7AA0EEE", versionEndExcluding: "9.1.5", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "B1342052-4733-49BB-95F0-A89B07A3F2E3", versionEndExcluding: "9.2.2", versionStartIncluding: "9.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "D220E842-2B15-416F-960B-397166883F9F", versionEndExcluding: "9.1.2308.207", versionStartIncluding: "9.1.2308", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "7783EE7D-586D-4245-9B62-204240F5B6A3", versionEndExcluding: "9.1.2312.200", versionStartIncluding: "9.1.2312", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user. The “url” parameter of the Dashboard element does not have proper input validation to reject invalid URLs, which could lead to a Persistent Cross-site Scripting (XSS) exploit.", }, { lang: "es", value: "En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.200 y 9.1.2308.207, un usuario con pocos privilegios que no tenga los roles de administrador o poder de Splunk podría crear un payload malicioso a través de una Vista que podría resultar en la ejecución de código JavaScript no autorizado en el navegador de un usuario.bEl parámetro \"url\" del elemento Panel no tiene una validación de entrada adecuada para rechazar URL no válidas, lo que podría provocar un exploit de Cross-Site Scripting (XSS).", }, ], id: "CVE-2024-36992", lastModified: "2024-11-21T09:22:59.493", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-07-01T17:15:08.077", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0712", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0712", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-14 18:15
Modified
2024-11-21 07:45
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "24C628AD-CF89-4FD5-B58F-38D150D2F535", versionEndExcluding: "8.1.13", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "4B2A60A4-55C6-4C11-B86D-452CC43D85FF", versionEndExcluding: "8.2.10", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "39FFDC8F-FC45-41E7-8353-D09AAE26F50F", versionEndExcluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "8AF379C7-8910-4C30-882A-4CE9F9C9992C", versionEndExcluding: "9.0.2209.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.", }, ], id: "CVE-2023-22939", lastModified: "2024-11-21T07:45:40.980", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-14T18:15:12.687", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0209", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0209", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-06-15 17:15
Modified
2024-11-21 07:05
Severity ?
Summary
In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| splunk | splunk | * | |
| splunk | splunk_cloud_platform | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "A6CE3B90-F8EF-4DC2-80FF-2B791F152037", versionEndExcluding: "9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "87852670-65F6-4EE8-ABD5-BC25137868DD", versionEndExcluding: "8.2.2106", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services.", }, { lang: "es", value: "En forwarder universal versiones anteriores a 9.0, los servicios de administración están disponibles de forma remota por defecto. Cuando no es requerido, introduce una exposición potencial, pero no es una vulnerabilidad. Si es expuesta, recomendamos que cada cliente evalúe la gravedad potencial específica de su entorno. En versión 9.0, el reenviador universal vincula ahora el puerto de administración a localhost, lo que impide el inicio de sesión remoto por defecto. Si los servicios de administración no son necesarios en versiones anteriores a 9.0, establezca disableDefaultPort = true en server.conf O allowRemoteLogin = never en server.conf O mgmtHostPort = localhost en web.conf. Consulte Configurar la seguridad de la administración del reenviador universal (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) para obtener más información sobre la deshabilitación de los servicios de administración remota", }, ], id: "CVE-2022-32155", lastModified: "2024-11-21T07:05:51.250", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-06-15T17:15:09.087", references: [ { source: "prodsec@splunk.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security", }, { source: "prodsec@splunk.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-04 23:15
Modified
2024-11-21 07:26
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| prodsec@splunk.com | https://www.splunk.com/en_us/product-security/announcements/svd-2022-1111.html | Not Applicable, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.splunk.com/en_us/product-security/announcements/svd-2022-1111.html | Not Applicable, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "697F9803-FC99-4149-A4E5-55A3A8CB1D18", versionEndExcluding: "8.1.12", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "07617B0C-3704-4DB5-B416-94B77A5C2EEE", versionEndExcluding: "8.2.9", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "867EFF29-96B9-44EF-93CE-8E7DB77B086E", versionEndExcluding: "9.0.2", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "EC797D87-1EA7-4C9E-BA2E-910408592511", versionEndExcluding: "9.0.2209", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing.\n", }, { lang: "es", value: "En las versiones de Splunk Enterprise inferiores a 8.2.9, 8.1.12 y 9.0.2, el envío de un archivo con formato incorrecto a través de los protocolos Splunk-to-Splunk (S2S) o HTTP Event Collector (HEC) a un indexador provoca un bloqueo o denegación fuera de servicio evitando una mayor indexación.", }, ], id: "CVE-2022-43572", lastModified: "2024-11-21T07:26:48.760", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-04T23:15:10.390", references: [ { source: "prodsec@splunk.com", tags: [ "Not Applicable", "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1111.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1111.html", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-06-15 17:15
Modified
2024-11-21 07:05
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| splunk | splunk | * | |
| splunk | splunk_cloud_platform | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "A6CE3B90-F8EF-4DC2-80FF-2B791F152037", versionEndExcluding: "9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "B97CD36E-7ABF-4A2C-B844-D6C5CBBE673E", versionEndExcluding: "8.2.2203", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation.", }, { lang: "es", value: "Los peers de Splunk Enterprise en Splunk Enterprise versiones anteriores a 9.0 y Splunk Cloud Platform versiones anteriores a 8.2.2203 no comprueban los certificados TLS durante las comunicaciones de Splunk a Splunk por defecto. Las comunicaciones entre pares de Splunk configuradas apropiadamente con certificados válidos no eran vulnerables. Sin embargo, un atacante con credenciales de administrador podía añadir un peer sin un certificado válido y las conexiones desde nodos configurados inapropiadamente sin certificados válidos no fallaban por defecto. Para Splunk Enterprise, actualice a versión 9.0 de Splunk Enterprise y configure la comprobación del nombre de host TLS para las comunicaciones entre Splunk (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) para habilitar la corrección", }, ], id: "CVE-2022-32152", lastModified: "2024-11-21T07:05:50.800", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-06-15T17:15:08.880", references: [ { source: "prodsec@splunk.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation", }, { source: "prodsec@splunk.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", }, { source: "prodsec@splunk.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/", }, { source: "prodsec@splunk.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/", }, { source: "prodsec@splunk.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/", }, { source: "prodsec@splunk.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0602.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0602.html", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-01 17:15
Modified
2024-11-21 08:03
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "285DAAE6-0931-41DA-A64A-25ED6A3BE2C5", versionEndExcluding: "8.1.14", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "E924894C-6C74-4F3B-B8FC-B3FDA0F487F3", versionEndExcluding: "8.2.11", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "4FF90BE2-6E2E-41F7-A77E-7547CBDD8596", versionEndExcluding: "9.0.5", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "97F2BD15-F25B-488B-B2AC-AD33239B4A27", versionEndExcluding: "9.0.2303.100", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.", }, { lang: "es", value: "En las versiones de Splunk Enterprise anteriores a 9.0.5, 8.2.11 y 8.1.14, y de Splunk Cloud Platform anteriores a la versión 9.0.2303.100, un usuario con pocos privilegios que tenga un rol que tenga asignada la capacidad de \"edit_user\" puede escalar sus privilegios a los del usuario administrador proporcionando solicitudes web especialmente manipuladas.", }, ], id: "CVE-2023-32707", lastModified: "2024-11-21T08:03:53.250", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-06-01T17:15:10.117", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0602", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/39e1c326-67d7-4c0d-8584-8056354f6593/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0602", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/39e1c326-67d7-4c0d-8584-8056354f6593/", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-285", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-01 17:15
Modified
2025-03-07 17:13
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| splunk | splunk | * | |
| splunk | splunk | * | |
| splunk | splunk | * | |
| splunk | splunk_cloud_platform | * | |
| splunk | splunk_cloud_platform | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "09264EE5-FA8A-49C5-AB1F-AEAC16CDC591", versionEndExcluding: "9.0.10", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "565039EE-74F6-451C-AFB3-F6C9F7AA0EEE", versionEndExcluding: "9.1.5", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "B1342052-4733-49BB-95F0-A89B07A3F2E3", versionEndExcluding: "9.2.2", versionStartIncluding: "9.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "D220E842-2B15-416F-960B-397166883F9F", versionEndExcluding: "9.1.2308.207", versionStartIncluding: "9.1.2308", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "F2E66C0D-BD3A-46CE-9578-068401F094C0", versionEndExcluding: "9.1.2312.109", versionStartIncluding: "9.1.2312", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance.", }, { lang: "es", value: "En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.109 y 9.1.2308.207, un usuario autenticado podría crear una búsqueda externa que llame a una función interna heredada. El usuario autenticado podría utilizar esta función interna para insertar código en el directorio de instalación de la plataforma Splunk. Desde allí, el usuario podría ejecutar código arbitrario en la instancia de la plataforma Splunk.", }, ], id: "CVE-2024-36983", lastModified: "2025-03-07T17:13:55.270", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-07-01T17:15:06.257", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0703", }, { source: "prodsec@splunk.com", tags: [ "Tool Signature", ], url: "https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0703", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Tool Signature", ], url: "https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-12-10 18:15
Modified
2025-03-06 20:11
Severity ?
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| prodsec@splunk.com | https://advisory.splunk.com/advisories/SVD-2024-1203 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "6653C37D-03C0-47C1-BC9C-510EBB0CB4BE", versionEndExcluding: "9.1.7", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "E31DE8DF-1AAD-4570-93E3-711C07FE1227", versionEndExcluding: "9.2.4", versionStartIncluding: "9.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "C0338CF9-1AC9-4F45-9A68-06172C6B36A1", versionEndExcluding: "9.1.2312.206", versionStartIncluding: "9.1.2312", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard.", }, { lang: "es", value: "En las versiones de Splunk Enterprise anteriores a 9.3.0, 9.2.4 y 9.1.7 y las versiones de Splunk Cloud Platform anteriores a 9.1.2312.206, un usuario con privilegios bajos que no tenga los roles de Splunk “admin” o “power”, que tenga un nombre de usuario con el mismo nombre que un rol con acceso de lectura a los paneles, podría ver el nombre del panel y el XML del panel al clonar el panel.", }, ], id: "CVE-2024-53245", lastModified: "2025-03-06T20:11:59.973", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 1.4, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-12-10T18:15:41.397", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2024-1203", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-04 23:15
Modified
2024-11-21 07:26
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "697F9803-FC99-4149-A4E5-55A3A8CB1D18", versionEndExcluding: "8.1.12", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "07617B0C-3704-4DB5-B416-94B77A5C2EEE", versionEndExcluding: "8.2.9", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "867EFF29-96B9-44EF-93CE-8E7DB77B086E", versionEndExcluding: "9.0.2", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "EC797D87-1EA7-4C9E-BA2E-910408592511", versionEndExcluding: "9.0.2209", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error.\n", }, { lang: "es", value: "En las versiones de Splunk Enterprise inferiores a 8.1.12, 8.2.9 y 9.0.2, un usuario autenticado puede realizar una inyección de entidad externa (XXE) en lenguaje de marcado extensible (XML) a través de una Vista personalizada. La inyección XXE hace que Splunk Web incruste documentos incorrectos en un error.", }, ], id: "CVE-2022-43570", lastModified: "2024-11-21T07:26:48.477", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-04T23:15:10.330", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1110.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1110.html", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-611", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-611", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-03 23:15
Modified
2024-11-21 07:26
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "697F9803-FC99-4149-A4E5-55A3A8CB1D18", versionEndExcluding: "8.1.12", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "07617B0C-3704-4DB5-B416-94B77A5C2EEE", versionEndExcluding: "8.2.9", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "867EFF29-96B9-44EF-93CE-8E7DB77B086E", versionEndExcluding: "9.0.2", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "EC797D87-1EA7-4C9E-BA2E-910408592511", versionEndExcluding: "9.0.2209", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component.\n\n", }, { lang: "es", value: "En las versiones de Splunk Enterprise inferiores a 8.2.9, 8.1.12 y 9.0.2, un usuario autenticado puede ejecutar código arbitrario a través del componente de generación de PDF del dashboard.", }, ], id: "CVE-2022-43571", lastModified: "2024-11-21T07:26:48.610", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-03T23:15:21.987", references: [ { source: "prodsec@splunk.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://research.splunk.com/application/b06b41d7-9570-4985-8137-0784f582a1b3/", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1111.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://research.splunk.com/application/b06b41d7-9570-4985-8137-0784f582a1b3/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1111.html", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-04 23:15
Modified
2024-11-21 07:26
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "697F9803-FC99-4149-A4E5-55A3A8CB1D18", versionEndExcluding: "8.1.12", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "07617B0C-3704-4DB5-B416-94B77A5C2EEE", versionEndExcluding: "8.2.9", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "867EFF29-96B9-44EF-93CE-8E7DB77B086E", versionEndExcluding: "9.0.2", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "8E99A24B-2F6D-4688-BAFA-8E40A5954875", versionEndExcluding: "9.0.2205", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.\n", }, { lang: "es", value: "En las versiones de Splunk Enterprise inferiores a 8.2.9, 8.1.12 y 9.0.2, un usuario autenticado puede ejecutar comandos arbitrarios del sistema operativo de forma remota mediante el uso de solicitudes especialmente manipuladas para la función de alertas móviles en la aplicación Splunk Secure Gateway.", }, ], id: "CVE-2022-43567", lastModified: "2024-11-21T07:26:48.057", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-04T23:15:10.147", references: [ { source: "prodsec@splunk.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be/", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-14 18:15
Modified
2024-11-21 07:45
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| prodsec@splunk.com | https://advisory.splunk.com/advisories/SVD-2023-0207 | Mitigation, Vendor Advisory | |
| prodsec@splunk.com | https://research.splunk.com/application/b7d1293f-e78f-415e-b5f6-443df3480082/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://advisory.splunk.com/advisories/SVD-2023-0207 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://research.splunk.com/application/b7d1293f-e78f-415e-b5f6-443df3480082/ | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "24C628AD-CF89-4FD5-B58F-38D150D2F535", versionEndExcluding: "8.1.13", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "4B2A60A4-55C6-4C11-B86D-452CC43D85FF", versionEndExcluding: "8.2.10", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "39FFDC8F-FC45-41E7-8353-D09AAE26F50F", versionEndExcluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "8AF379C7-8910-4C30-882A-4CE9F9C9992C", versionEndExcluding: "9.0.2209.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl.", }, ], id: "CVE-2023-22937", lastModified: "2024-11-21T07:45:40.697", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-14T18:15:12.540", references: [ { source: "prodsec@splunk.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0207", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/b7d1293f-e78f-415e-b5f6-443df3480082/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0207", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/b7d1293f-e78f-415e-b5f6-443df3480082/", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-434", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-30 17:15
Modified
2024-11-21 08:19
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "21F6F824-393F-424F-85DF-CD3FCB40452F", versionEndExcluding: "8.2.12", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "74A23E71-6A34-48A5-8087-B626BED870E0", versionEndExcluding: "9.0.6", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:9.1.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "A4F2BC82-AD4C-4D80-8200-C2371E7C04F1", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "A2A0FF7F-1171-42D4-A27B-689541F4BC32", versionEndIncluding: "9.0.2305.100", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code.", }, ], id: "CVE-2023-40595", lastModified: "2024-11-21T08:19:47.410", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-30T17:15:10.027", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0804", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/d1d8fda6-874a-400f-82cf-dcbb59d8e4db/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0804", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/d1d8fda6-874a-400f-82cf-dcbb59d8e4db/", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-01 17:15
Modified
2024-11-21 08:03
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| prodsec@splunk.com | https://advisory.splunk.com/advisories/SVD-2023-0601 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://advisory.splunk.com/advisories/SVD-2023-0601 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "285DAAE6-0931-41DA-A64A-25ED6A3BE2C5", versionEndExcluding: "8.1.14", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "E924894C-6C74-4F3B-B8FC-B3FDA0F487F3", versionEndExcluding: "8.2.11", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "4FF90BE2-6E2E-41F7-A77E-7547CBDD8596", versionEndExcluding: "9.0.5", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "97F2BD15-F25B-488B-B2AC-AD33239B4A27", versionEndExcluding: "9.0.2303.100", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon.", }, ], id: "CVE-2023-32706", lastModified: "2024-11-21T08:03:53.107", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.1, impactScore: 4, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-06-01T17:15:10.027", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0601", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0601", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-611", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-611", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-30 17:15
Modified
2024-11-21 08:19
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "21F6F824-393F-424F-85DF-CD3FCB40452F", versionEndExcluding: "8.2.12", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "74A23E71-6A34-48A5-8087-B626BED870E0", versionEndExcluding: "9.0.6", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "A2A0FF7F-1171-42D4-A27B-689541F4BC32", versionEndIncluding: "9.0.2305.100", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon.", }, ], id: "CVE-2023-40593", lastModified: "2024-11-21T08:19:47.123", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 4, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-30T17:15:09.853", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0802", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/8e8a86d5-f323-4567-95be-8e817e2baee6/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0802", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/8e8a86d5-f323-4567-95be-8e817e2baee6/", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-01 17:15
Modified
2024-11-21 09:23
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| prodsec@splunk.com | https://advisory.splunk.com/advisories/SVD-2024-0716 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://advisory.splunk.com/advisories/SVD-2024-0716 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "1E1312EB-AB0A-4E4B-9801-D12BFCD44702", versionEndIncluding: "9.0.10", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "565039EE-74F6-451C-AFB3-F6C9F7AA0EEE", versionEndExcluding: "9.1.5", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "B1342052-4733-49BB-95F0-A89B07A3F2E3", versionEndExcluding: "9.2.2", versionStartIncluding: "9.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "F2E66C0D-BD3A-46CE-9578-068401F094C0", versionEndExcluding: "9.1.2312.109", versionStartIncluding: "9.1.2312", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme.", }, { lang: "es", value: "En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.109, un atacante podría determinar si existe otro usuario en la instancia descifrando la respuesta de error que probablemente recibirían de la instancia cuando intenten iniciar sesión. Esta divulgación podría dar lugar a ataques adicionales de fuerza bruta para adivinar contraseñas. Esta vulnerabilidad requeriría que la instancia de la plataforma Splunk utilice el esquema de autenticación Security Assertion Markup Language (SAML).", }, ], id: "CVE-2024-36996", lastModified: "2024-11-21T09:23:00.057", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-07-01T17:15:08.917", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0716", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0716", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-204", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-203", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-06-15 17:15
Modified
2024-11-21 07:05
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries now verify server certificates by default and use the appropriate CA certificate stores for each library. Apps and add-ons that include their own HTTP libraries are not affected. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| splunk | splunk | * | |
| splunk | splunk_cloud_platform | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "A6CE3B90-F8EF-4DC2-80FF-2B791F152037", versionEndExcluding: "9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "B97CD36E-7ABF-4A2C-B844-D6C5CBBE673E", versionEndExcluding: "8.2.2203", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries now verify server certificates by default and use the appropriate CA certificate stores for each library. Apps and add-ons that include their own HTTP libraries are not affected. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation.", }, { lang: "es", value: "Las bibliotecas de Python httplib y urllib que Splunk envió con Splunk Enterprise no comprueban los certificados usando los almacenes de certificados de la autoridad de certificación (CA) de forma predeterminada en Splunk Enterprise versiones anteriores a 9.0 y Splunk Cloud Platform versiones anteriores a 8.2.2203. Las bibliotecas de cliente de Python 3 ahora verifican los certificados del servidor por defecto y usan los almacenes de certificados de CA apropiados para cada biblioteca. Las aplicaciones y complementos que incluyen sus propias bibliotecas HTTP no están afectadas. Para Splunk Enterprise, actualice a versión 9.0 de Splunk Enterprise y configure la comprobación del nombre de host TLS para las comunicaciones de Splunk a Splunk (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) para habilitar la corrección", }, ], id: "CVE-2022-32151", lastModified: "2024-11-21T07:05:50.667", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.2, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-06-15T17:15:08.810", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation", }, { source: "prodsec@splunk.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", }, { source: "prodsec@splunk.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_simplerequest/", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_simplerequest/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-01 17:15
Modified
2024-11-21 09:22
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| splunk | splunk | * | |
| splunk | splunk | * | |
| splunk | splunk | * | |
| splunk | splunk_cloud_platform | * | |
| splunk | splunk_cloud_platform | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "09264EE5-FA8A-49C5-AB1F-AEAC16CDC591", versionEndExcluding: "9.0.10", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "565039EE-74F6-451C-AFB3-F6C9F7AA0EEE", versionEndExcluding: "9.1.5", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "B1342052-4733-49BB-95F0-A89B07A3F2E3", versionEndExcluding: "9.2.2", versionStartIncluding: "9.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "D220E842-2B15-416F-960B-397166883F9F", versionEndExcluding: "9.1.2308.207", versionStartIncluding: "9.1.2308", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "7783EE7D-586D-4245-9B62-204240F5B6A3", versionEndExcluding: "9.1.2312.200", versionStartIncluding: "9.1.2312", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user.", }, { lang: "es", value: "En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.200 y 9.1.2308.207, un usuario con pocos privilegios que no tenga las funciones de administrador o poder de Splunk podría crear un payload malicioso a través de mensajes de boletín web de Splunk que podría resultar en la ejecución de código JavaScript no autorizado en el navegador de un usuario.", }, ], id: "CVE-2024-36993", lastModified: "2024-11-21T09:22:59.620", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-07-01T17:15:08.290", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0713", }, { source: "prodsec@splunk.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://research.splunk.com/application/fd852b27-1882-4505-9f2c-64dfb96f4fc1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0713", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://research.splunk.com/application/fd852b27-1882-4505-9f2c-64dfb96f4fc1", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-06-15 17:15
Modified
2024-11-21 07:05
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| splunk | splunk | * | |
| splunk | splunk_cloud_platform | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "A6CE3B90-F8EF-4DC2-80FF-2B791F152037", versionEndExcluding: "9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "87852670-65F6-4EE8-ABD5-BC25137868DD", versionEndExcluding: "8.2.2106", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will.", }, { lang: "es", value: "Los cuadros de mando en Splunk Enterprise versiones anteriores a 9.0, podrían permitir a un atacante inyectar comandos de búsqueda arriesgados en un token de formulario cuando el token es usado en una consulta en una petición de origen cruzado. El resultado es una omisión de las salvaguardas de SPL para los comandos de riesgo. Véase Las nuevas capacidades pueden limitar el acceso a algunos comandos personalizados y potencialmente arriesgados (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) para más información. Tenga en cuenta que el ataque está basado en el navegador y un atacante no puede explotarlo a voluntad", }, ], id: "CVE-2022-32154", lastModified: "2024-11-21T07:05:51.100", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.2, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-06-15T17:15:09.017", references: [ { source: "prodsec@splunk.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands", }, { source: "prodsec@splunk.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", }, { source: "prodsec@splunk.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/", }, { source: "prodsec@splunk.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/", }, { source: "prodsec@splunk.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-01 17:15
Modified
2024-11-21 08:03
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| prodsec@splunk.com | https://advisory.splunk.com/advisories/SVD-2023-0609 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://advisory.splunk.com/advisories/SVD-2023-0609 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "285DAAE6-0931-41DA-A64A-25ED6A3BE2C5", versionEndExcluding: "8.1.14", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "E924894C-6C74-4F3B-B8FC-B3FDA0F487F3", versionEndExcluding: "8.2.11", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "4FF90BE2-6E2E-41F7-A77E-7547CBDD8596", versionEndExcluding: "9.0.5", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "97F2BD15-F25B-488B-B2AC-AD33239B4A27", versionEndExcluding: "9.0.2303.100", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run.", }, ], id: "CVE-2023-32710", lastModified: "2024-11-21T08:03:53.677", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-06-01T17:15:10.283", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0609", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0609", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-14 18:15
Modified
2024-11-21 07:45
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "24C628AD-CF89-4FD5-B58F-38D150D2F535", versionEndExcluding: "8.1.13", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "4B2A60A4-55C6-4C11-B86D-452CC43D85FF", versionEndExcluding: "8.2.10", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "39FFDC8F-FC45-41E7-8353-D09AAE26F50F", versionEndExcluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "8AF379C7-8910-4C30-882A-4CE9F9C9992C", versionEndExcluding: "9.0.2209.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.", }, ], id: "CVE-2023-22935", lastModified: "2024-11-21T07:45:40.440", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-14T18:15:12.377", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0205", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0205", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-12-10 18:15
Modified
2025-03-06 20:15
Severity ?
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Summary
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on “/en-US/app/search/report“ endpoint through “s“ parameter.<br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| prodsec@splunk.com | https://advisory.splunk.com/advisories/SVD-2024-1202 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| splunk | splunk | * | |
| splunk | splunk | * | |
| splunk | splunk | * | |
| splunk | splunk_cloud_platform | * | |
| splunk | splunk_cloud_platform | * | |
| splunk | splunk_cloud_platform | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "6653C37D-03C0-47C1-BC9C-510EBB0CB4BE", versionEndExcluding: "9.1.7", versionStartIncluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "E31DE8DF-1AAD-4570-93E3-711C07FE1227", versionEndExcluding: "9.2.4", versionStartIncluding: "9.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "A709D871-A35B-4CF2-A9D7-23CE29D0A8C6", versionEndExcluding: "9.3.2", versionStartIncluding: "9.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "C0338CF9-1AC9-4F45-9A68-06172C6B36A1", versionEndExcluding: "9.1.2312.206", versionStartIncluding: "9.1.2312", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "1D640552-2CAE-4747-9683-C7DC45D556EF", versionEndExcluding: "9.2.2403.109", versionStartIncluding: "9.2.2403", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "5C9D4F64-DAA8-4692-AE4F-171777E8D7C3", versionEndExcluding: "9.2.2406.107", versionStartIncluding: "9.2.2406", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on “/en-US/app/search/report“ endpoint through “s“ parameter.<br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.", }, { lang: "es", value: "En las versiones de Splunk Enterprise anteriores a 9.3.2, 9.2.4 y 9.1.7 y en las versiones de Splunk Cloud Platform anteriores a 9.2.2406.107, 9.2.2403.109 y 9.1.2312.206, un usuario con pocos privilegios que no tenga los roles de Splunk “admin” o “power” podría ejecutar una búsqueda guardada con un comando riesgoso utilizando los permisos de un usuario con mayores privilegios para eludir las medidas de seguridad de SPL para comandos riesgosos en el punto de conexión “/en-US/app/search/report” a través del parámetro “s”.<br>La vulnerabilidad requiere que el atacante engañe a la víctima para que inicie una solicitud dentro de su navegador. El usuario autenticado no debería poder explotar la vulnerabilidad a voluntad.", }, ], id: "CVE-2024-53244", lastModified: "2025-03-06T20:15:11.390", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 3.6, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-12-10T18:15:41.243", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2024-1202", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-08-16 21:15
Modified
2024-11-21 07:14
Severity ?
2.6 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Summary
In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "52EBCCF6-0276-4B2C-9068-53864A39265F", versionEndExcluding: "8.1.11", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "07E949C3-48BB-4D7F-98A2-B078E7A75F1B", versionEndExcluding: "8.2.7.1", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:9.0.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "9A6A63F1-B7A3-4D3D-8366-29C38A5B48BD", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "DB89EDB8-DF51-4A3E-AD64-D688B367B32C", versionEndIncluding: "8.2.2203.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web.", }, { lang: "es", value: "En las versiones de Splunk Enterprise de la siguiente tabla, un usuario autenticado puede diseñar un panel de control que podría filtrar información (por ejemplo, nombre de usuario, correo electrónico y nombre real) sobre los usuarios de Splunk, cuando es visitado por otro usuario por medio del componente drilldown. La vulnerabilidad requiere el acceso del usuario para crear y compartir cuadros de mando usando Splunk Web.", }, ], id: "CVE-2022-37438", lastModified: "2024-11-21T07:14:59.743", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.6, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 1.4, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-08-16T21:15:13.587", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/f844c3f6-fd99-43a2-ba24-93e35fe84be6", }, { source: "prodsec@splunk.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0802.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/f844c3f6-fd99-43a2-ba24-93e35fe84be6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0802.html", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-01 17:15
Modified
2024-11-21 08:03
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the {{dump}} SPL command to cause a denial of service by crashing the Splunk daemon.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "285DAAE6-0931-41DA-A64A-25ED6A3BE2C5", versionEndExcluding: "8.1.14", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "E924894C-6C74-4F3B-B8FC-B3FDA0F487F3", versionEndExcluding: "8.2.11", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "4FF90BE2-6E2E-41F7-A77E-7547CBDD8596", versionEndExcluding: "9.0.5", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "97F2BD15-F25B-488B-B2AC-AD33239B4A27", versionEndExcluding: "9.0.2303.100", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the {{dump}} SPL command to cause a denial of service by crashing the Splunk daemon.", }, ], id: "CVE-2023-32716", lastModified: "2024-11-21T08:03:54.430", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-06-01T17:15:10.630", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0611", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/fb0e6823-365f-48ed-b09e-272ac4c1dad6/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0611", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/fb0e6823-365f-48ed-b09e-272ac4c1dad6/", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-754", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-754", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-14 18:15
Modified
2024-11-21 07:45
Severity ?
8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| splunk | splunk | * | |
| splunk | splunk_cloud_platform | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "39FFDC8F-FC45-41E7-8353-D09AAE26F50F", versionEndExcluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "8AF379C7-8910-4C30-882A-4CE9F9C9992C", versionEndExcluding: "9.0.2209.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0.", }, ], id: "CVE-2023-22932", lastModified: "2024-11-21T07:45:40.030", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 5.8, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-14T18:15:12.143", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0202", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/ce6e1268-e01c-4df2-a617-0f034ed49a43/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0202", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/ce6e1268-e01c-4df2-a617-0f034ed49a43/", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-30 17:15
Modified
2024-11-21 08:19
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "21F6F824-393F-424F-85DF-CD3FCB40452F", versionEndExcluding: "8.2.12", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "74A23E71-6A34-48A5-8087-B626BED870E0", versionEndExcluding: "9.0.6", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:9.1.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "A4F2BC82-AD4C-4D80-8200-C2371E7C04F1", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "A2A0FF7F-1171-42D4-A27B-689541F4BC32", versionEndIncluding: "9.0.2305.100", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance.", }, ], id: "CVE-2023-40594", lastModified: "2024-11-21T08:19:47.267", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2, impactScore: 4, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-30T17:15:09.940", references: [ { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0803", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/78b48d08-075c-4eac-bd07-e364c3780867/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0803", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://research.splunk.com/application/78b48d08-075c-4eac-bd07-e364c3780867/", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-04 23:15
Modified
2024-11-21 07:26
Severity ?
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards in the Analytics Workspace. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "697F9803-FC99-4149-A4E5-55A3A8CB1D18", versionEndExcluding: "8.1.12", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "07617B0C-3704-4DB5-B416-94B77A5C2EEE", versionEndExcluding: "8.2.9", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "867EFF29-96B9-44EF-93CE-8E7DB77B086E", versionEndExcluding: "9.0.2", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "968C9207-1208-43E0-ABA5-1008BE594FDF", versionEndExcluding: "9.0.2208", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards in the Analytics Workspace. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will.\n", }, { lang: "es", value: "En las versiones de Splunk Enterprise anteriores a 8.2.9, 8.1.12 y 9.0.2, un usuario autenticado puede ejecutar comandos con riesgo utilizando los permisos de un usuario con más privilegios para evitar las protecciones de SPL para comandos con riesgo https://docs.splunk.com/ Documentación/SplunkCloud/latest/Security/SPLsafeguards en el espacio de trabajo de Analytics. La vulnerabilidad requiere que el atacante realice phishing a la víctima engañándola para que inicie una solicitud dentro de su navegador. El atacante no puede explotar la vulnerabilidad a voluntad.", }, ], id: "CVE-2022-43566", lastModified: "2024-11-21T07:26:47.917", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.2, source: "prodsec@splunk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-04T23:15:10.080", references: [ { source: "prodsec@splunk.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://research.splunk.com/application/b6d77c6c-f011-4b03-8650-8f10edb7c4a8/", }, { source: "prodsec@splunk.com", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1106.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://research.splunk.com/application/b6d77c6c-f011-4b03-8650-8f10edb7c4a8/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1106.html", }, ], sourceIdentifier: "prodsec@splunk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "prodsec@splunk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }