Page 3 of 36 results (0.006 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows. Una configuración errónea en la ruta por defecto del nodo permite una escalada de privilegios local de un usuario menos privilegiado al usuario de Splunk en Splunk Enterprise versiones anteriores a 8.1.1 en Windows • https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. The vulnerability impacts Splunk Enterprise versions before 7.3.9, 8.0 versions before 8.0.9, and 8.1 versions before 8.1.3. It does not impact Universal Forwarders. When Splunk forwarding is secured using TLS or a Token, the attack requires compromising the certificate or token, or both. Implementation of either or both reduces the severity to Medium. • https://claroty.com/2022/03/24/blog-research-locking-down-splunk-enterprise-indexers-and-forwarders https://www.splunk.com/en_us/product-security/announcements/svd-2022-0301.html • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges Splunk versión 5.0.3, presenta una Ruta de Servicio Sin Comillas en Windows para Universal Forwarder que puede permitir a un atacante escalar privilegios. • http://www.splunk.com/view/SP-CAAAHXG • CWE-269: Improper Privilege Management •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking Splunk versiones anteriores a 5.0.4, carece de X-Frame-Options que puede permitir un Secuestro del Cliqueo. • http://www.splunk.com/view/SP-CAAAH32 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0

Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827. Splunk Web en Splunk Enterprise, en versiones 6.5.x anteriores a la 6.5.5, versiones 6.4.x anteriores a la 6.4.9, versiones 6.3.x anteriores a la 6.3.12, versiones 6.2.x anteriores a la 6.2.14, versiones 6.1.x anteriores a la 6.1.14 y versiones 6.0.x anteriores a la 6.0.15; y Splunk Light, en versiones anteriores a la 6.6.0, tiene Cross-Site Scripting (XSS) persistente. Esto también se conoce como SPL-138827. • http://www.securityfocus.com/bid/107113 https://www.splunk.com/view/SP-CAAAQAF • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •