3 results (0.006 seconds)

CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0

In Splunk Add-on Builder versions below 4.1.4, the app writes sensitive information to internal log files. En las versiones de Splunk Add-on Builder inferiores a 4.1.4, la aplicación escribe información confidencial en archivos de registro internos. • https://advisory.splunk.com/advisories/SVD-2024-0111 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on. En las versiones de Splunk Add-on Builder inferiores a 4.1.4, la aplicación escribe tokens de sesión de usuario en sus archivos de registro internos cuando visita Splunk Add-on Builder o cuando crea o edita una aplicación o complemento personalizado. • https://advisory.splunk.com/advisories/SVD-2024-0110 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs. • https://advisory.splunk.com/advisories/SVD-2023-0213 • CWE-295: Improper Certificate Validation CWE-636: Not Failing Securely ('Failing Open') •