29 results (0.001 seconds)

CVSS: 5.7EPSS: 0%CPEs: 6EXPL: 0

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on “/en-US/app/search/report“ endpoint through “s“ parameter.<br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will. • https://advisory.splunk.com/advisories/SVD-2024-1202 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, such as a Risky Commands Bypass, for successful exploitation. • https://advisory.splunk.com/advisories/SVD-2024-1204 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could see alert search query responses using Splunk Secure Gateway App Key Value Store (KVstore) collections endpoints due to improper access control. • https://advisory.splunk.com/advisories/SVD-2024-1201 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 3.1EPSS: 0%CPEs: 3EXPL: 0

In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard. • https://advisory.splunk.com/advisories/SVD-2024-1203 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.2.461 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could perform a Remote Code Execution (RCE). • https://advisory.splunk.com/advisories/SVD-2024-1205 • CWE-502: Deserialization of Untrusted Data •