Page 3 of 42 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job. • https://advisory.splunk.com/advisories/SVD-2023-0612 https://research.splunk.com/application/bbe26f95-1655-471d-8abd-3d32fafa86f8 • CWE-285: Improper Authorization •

CVSS: 7.7EPSS: 0%CPEs: 4EXPL: 0

On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon. • https://advisory.splunk.com/advisories/SVD-2023-0601 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the ‘rest’ SPL command that lets them potentially access other REST endpoints in the system arbitrarily. • https://advisory.splunk.com/advisories/SVD-2023-0603 https://research.splunk.com/application/e615a0e1-a1b2-4196-9865-8aa646e1708c • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') CWE-436: Interpretation Conflict •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled. • https://advisory.splunk.com/advisories/SVD-2023-0209 https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance. • https://advisory.splunk.com/advisories/SVD-2023-0208 • CWE-285: Improper Authorization •