CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-22937 – Unnecessary File Extensions Allowed by Lookup Table Uploads in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22937
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl. • https://advisory.splunk.com/advisories/SVD-2023-0207 https://research.splunk.com/application/b7d1293f-e78f-415e-b5f6-443df3480082 • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22943 – Modular Input REST API Requests Connect via HTTP after Certificate Validation Failure in Splunk Add-on Builder and Splunk CloudConnect SDK
https://notcve.org/view.php?id=CVE-2023-22943
In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs. • https://advisory.splunk.com/advisories/SVD-2023-0213 • CWE-295: Improper Certificate Validation CWE-636: Not Failing Securely ('Failing Open') •
CVSS: 8.0EPSS: 0%CPEs: 4EXPL: 1CVE-2023-22933 – Persistent Cross-Site Scripting through the ‘module’ Tag in a View in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22933
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag’. • https://advisory.splunk.com/advisories/SVD-2023-0203 https://research.splunk.com/application/9ac2bfea-a234-4a18-9d37-6d747e85c2e4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-22942 – Cross-Site Request Forgery in the ‘ssg/kvstore_client’ REST Endpoint in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22942
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the ‘kvstore_client’ REST endpoint lets a potential attacker update SSG KV store collections using an HTTP GET request. • https://advisory.splunk.com/advisories/SVD-2023-0212 https://research.splunk.com/application/4742d5f7-ce00-45ce-9c79-5e98b43b4410 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22932 – Persistent Cross-Site Scripting through a Base64-encoded Image in a View in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22932
In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0. • https://advisory.splunk.com/advisories/SVD-2023-0202 https://research.splunk.com/application/ce6e1268-e01c-4df2-a617-0f034ed49a43 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •