CVSS: 8.0EPSS: 0%CPEs: 4EXPL: 1CVE-2023-22933 – Persistent Cross-Site Scripting through the ‘module’ Tag in a View in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22933
14 Feb 2023 — In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag’. • https://advisory.splunk.com/advisories/SVD-2023-0203 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-22942 – Cross-Site Request Forgery in the ‘ssg/kvstore_client’ REST Endpoint in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22942
14 Feb 2023 — In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the ‘kvstore_client’ REST endpoint lets a potential attacker update SSG KV store collections using an HTTP GET request. • https://advisory.splunk.com/advisories/SVD-2023-0212 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-22936 – Authenticated Blind Server Side Request Forgery via the ‘search_listener’ Search Parameter in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22936
14 Feb 2023 — In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within the environment. • https://advisory.splunk.com/advisories/SVD-2023-0206 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2023-22941 – Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon
https://notcve.org/view.php?id=CVE-2023-22941
14 Feb 2023 — In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd). • https://github.com/eduardosantos1989/CVE-2023-22941 • CWE-248: Uncaught Exception •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-22931 – ‘createrss’ External Search Command Overwrites Existing RSS Feeds in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22931
14 Feb 2023 — In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default. • https://advisory.splunk.com/advisories/SVD-2023-0201 • CWE-276: Incorrect Default Permissions CWE-285: Improper Authorization •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-22935 – SPL Command Safeguards Bypass via the ‘display.page.search.patterns.sensitivity’ Search Parameter in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22935
14 Feb 2023 — In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled. • https://advisory.splunk.com/advisories/SVD-2023-0205 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 1CVE-2023-22934 – SPL Command Safeguards Bypass via the ‘pivot’ SPL Command in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22934
14 Feb 2023 — In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user to initiate a request within their browser. • https://advisory.splunk.com/advisories/SVD-2023-0204 • CWE-20: Improper Input Validation CWE-108: Struts: Unvalidated Action Form •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-22940 – SPL Command Safeguards Bypass via the ‘collect’ SPL Command Aliases in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22940
14 Feb 2023 — In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances with Splunk Web... • https://advisory.splunk.com/advisories/SVD-2023-0210 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-43572 – Indexing blockage via malformed data sent through S2S or HEC protocols in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43572
04 Nov 2022 — In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing. En las versiones de Splunk Enterprise inferiores a 8.2.9, 8.1.12 y 9.0.2, el envío de un archivo con formato incorrecto a través de los protocolos Splunk-to-Splunk (S2S) o HTTP Event Collector (HEC) a un indexador provoca un bloqueo o denegación fuera de servicio ... • https://www.splunk.com/en_us/product-security/announcements/svd-2022-1111.html • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-43570 – XML External Entity Injection through a custom View in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43570
04 Nov 2022 — In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error. En las versiones de Splunk Enterprise inferiores a 8.1.12, 8.2.9 y 9.0.2, un usuario autenticado puede realizar una inyección de entidad externa (XXE) en lenguaje de marcado extensible (XML) a través de una Vista personalizada. La inyección XXE hace... • https://www.splunk.com/en_us/product-security/announcements/svd-2022-1110.html • CWE-611: Improper Restriction of XML External Entity Reference •