CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-45736 – Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon
https://notcve.org/view.php?id=CVE-2024-45736
14 Oct 2024 — In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly formatted "INGEST_EVAL" parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd). • https://advisory.splunk.com/advisories/SVD-2024-1006 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-45741 – Persistent Cross-Site Scripting (XSS) via props.conf on Splunk Enterprise
https://notcve.org/view.php?id=CVE-2024-45741
14 Oct 2024 — In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" parameter from the "/manager/search/apps/local" endpoint in Splunk Web calls. This could result in execution of unauthorized JavaScript code in the browser of a user. • https://advisory.splunk.com/advisories/SVD-2024-1011 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45734 – Low Privilege User can View Images on the Host Machine by using the PDF Export feature in Splunk Classic Dashboard
https://notcve.org/view.php?id=CVE-2024-45734
14 Oct 2024 — In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboards. The images on the machine could be exposed by exporting the dashboard as a PDF, using the local image path in the img tag in the source extensible markup language (XML) code for the Splunk classic dashboard. • https://advisory.splunk.com/advisories/SVD-2024-1004 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-45740 – Persistent Cross-Site Scripting (XSS) through Scheduled Views on Splunk Enterprise
https://notcve.org/view.php?id=CVE-2024-45740
14 Oct 2024 — In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript code in the browser of a user. • https://advisory.splunk.com/advisories/SVD-2024-1010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-45731 – Potential Remote Command Execution (RCE) through arbitrary file write to Windows system root directory when Splunk Enterprise for Windows is installed on a separate disk
https://notcve.org/view.php?id=CVE-2024-45731
14 Oct 2024 — In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for Windows is installed on a separate drive. • https://advisory.splunk.com/advisories/SVD-2024-1001 • CWE-23: Relative Path Traversal •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-45735 – Improper Access Control for low-privileged user in Splunk Secure Gateway App
https://notcve.org/view.php?id=CVE-2024-45735
14 Oct 2024 — In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway App. • https://advisory.splunk.com/advisories/SVD-2024-1005 • CWE-284: Improper Access Control •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36997 – Persistent Cross-site Scripting (XSS) in conf-web/settings REST endpoint
https://notcve.org/view.php?id=CVE-2024-36997
01 Jul 2024 — In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312, un usuario administrador po... • https://advisory.splunk.com/advisories/SVD-2024-0717 • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36993 – Persistent Cross-site Scripting (XSS) in Web Bulletin
https://notcve.org/view.php?id=CVE-2024-36993
01 Jul 2024 — In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.200 y 9... • https://advisory.splunk.com/advisories/SVD-2024-0713 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36995 – Low-privileged user could create experimental items
https://notcve.org/view.php?id=CVE-2024-36995
01 Jul 2024 — In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.200 y 9.1.2308.207, un usuario con pocos privilegios que no tenga los roles de administrador o poder de Splunk podría crear elementos ... • https://advisory.splunk.com/advisories/SVD-2024-0715 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36982 – Denial of Service through null pointer reference in “cluster/config” REST endpoint
https://notcve.org/view.php?id=CVE-2024-36982
01 Jul 2024 — In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an attacker could trigger a null pointer reference on the cluster/config REST endpoint, which could result in a crash of the Splunk daemon. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.109 y 9.1.2308.207, un atacante podría activar una referencia de puntero nulo en el endpoint REST de... • https://advisory.splunk.com/advisories/SVD-2024-0702 • CWE-476: NULL Pointer Dereference •