7 results (0.004 seconds)

CVSS: 5.7EPSS: 0%CPEs: 6EXPL: 0

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on “/en-US/app/search/report“ endpoint through “s“ parameter.<br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will. • https://advisory.splunk.com/advisories/SVD-2024-1202 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, such as a Risky Commands Bypass, for successful exploitation. • https://advisory.splunk.com/advisories/SVD-2024-1204 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF). • https://advisory.splunk.com/advisories/SVD-2024-1007 https://research.splunk.com/application/34bac267-a89b-4bd7-a072-a48eef1f15b8 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0

In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a search as the "nobody" Splunk user in the SplunkDeploymentServerConfig app. This could let the low-privileged user access potentially restricted data. • https://advisory.splunk.com/advisories/SVD-2024-1002 https://research.splunk.com/application/f765c3fe-c3b6-4afe-a932-11dd4f3a024f • CWE-862: Missing Authorization •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly formatted "INGEST_EVAL" parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd). • https://advisory.splunk.com/advisories/SVD-2024-1006 https://research.splunk.com/application/08978eca-caff-44c1-84dc-53f17def4e14 • CWE-400: Uncontrolled Resource Consumption •