Page 3 of 41 results (0.005 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows. Una configuración errónea en la ruta por defecto del nodo permite una escalada de privilegios local de un usuario menos privilegiado al usuario de Splunk en Splunk Enterprise versiones anteriores a 8.1.1 en Windows • https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. The vulnerability impacts Splunk Enterprise versions before 7.3.9, 8.0 versions before 8.0.9, and 8.1 versions before 8.1.3. It does not impact Universal Forwarders. When Splunk forwarding is secured using TLS or a Token, the attack requires compromising the certificate or token, or both. Implementation of either or both reduces the severity to Medium. • https://claroty.com/2022/03/24/blog-research-locking-down-splunk-enterprise-indexers-and-forwarders https://www.splunk.com/en_us/product-security/announcements/svd-2022-0301.html • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking Splunk versiones anteriores a 5.0.4, carece de X-Frame-Options que puede permitir un Secuestro del Cliqueo. • http://www.splunk.com/view/SP-CAAAH32 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and earlier allowed attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. Una vulnerabilidad de omisión de sandbox en Jenkins Splunk Plugin 1.7.4 y versiones anteriores permitía a los atacantes con permiso General / Leer proporcionar un script Groovy a un punto final HTTP que puede provocar la ejecución de código arbitrario en la JVM maestra de Jenkins. • http://www.openwall.com/lists/oss-security/2019/08/28/4 https://jenkins.io/security/advisory/2019-08-28/#SECURITY-1294 •

CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0

Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827. Splunk Web en Splunk Enterprise, en versiones 6.5.x anteriores a la 6.5.5, versiones 6.4.x anteriores a la 6.4.9, versiones 6.3.x anteriores a la 6.3.12, versiones 6.2.x anteriores a la 6.2.14, versiones 6.1.x anteriores a la 6.1.14 y versiones 6.0.x anteriores a la 6.0.15; y Splunk Light, en versiones anteriores a la 6.6.0, tiene Cross-Site Scripting (XSS) persistente. Esto también se conoce como SPL-138827. • http://www.securityfocus.com/bid/107113 https://www.splunk.com/view/SP-CAAAQAF • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •