CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36982 – Denial of Service through null pointer reference in “cluster/config” REST endpoint
https://notcve.org/view.php?id=CVE-2024-36982
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an attacker could trigger a null pointer reference on the cluster/config REST endpoint, which could result in a crash of the Splunk daemon. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.109 y 9.1.2308.207, un atacante podría activar una referencia de puntero nulo en el endpoint REST del clúster/configuración, lo que podría provocar en un accidente del daemon Splunk. • https://advisory.splunk.com/advisories/SVD-2024-0702 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36990 – Denial of Service (DoS) on the datamodel/web REST endpoint
https://notcve.org/view.php?id=CVE-2024-36990
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST request to the datamodel/web REST endpoint in Splunk Enterprise, potentially causing a denial of service. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.2.2403.100, un usuario autenticado y con pocos privilegios que no tenga los roles de administrador o de poder de Splunk podría enviar un mensaje HTTP especialmente manipulado. Solicitud POST al modelo de datos/endpoint REST web en Splunk Enterprise, lo que podría provocar una denegación de servicio. • https://advisory.splunk.com/advisories/SVD-2024-0710 https://research.splunk.com/application/45766810-dbb2-44d4-b889-b4ba3ee0d1f5 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36992 – Persistent Cross-site Scripting (XSS) in Dashboard Elements
https://notcve.org/view.php?id=CVE-2024-36992
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user. The “url” parameter of the Dashboard element does not have proper input validation to reject invalid URLs, which could lead to a Persistent Cross-site Scripting (XSS) exploit. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.200 y 9.1.2308.207, un usuario con pocos privilegios que no tenga los roles de administrador o poder de Splunk podría crear un payload malicioso a través de una Vista que podría resultar en la ejecución de código JavaScript no autorizado en el navegador de un usuario.bEl parámetro "url" del elemento Panel no tiene una validación de entrada adecuada para rechazar URL no válidas, lo que podría provocar un exploit de Cross-Site Scripting (XSS). • https://advisory.splunk.com/advisories/SVD-2024-0712 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.3EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36986 – Risky command safeguards bypass through Search ID query in Analytics Workspace
https://notcve.org/view.php?id=CVE-2024-36986
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics Workspace. The vulnerability requires the authenticated user to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.200 y 9.1.2308.207, un usuario autenticado podría ejecutar comandos riesgosos utilizando los permisos de un usuario con mayores privilegios para evitar SPL. salvaguardias para comandos riesgosos en Analytics Workspace. La vulnerabilidad requiere que el usuario autenticado realice phishing a la víctima engañándola para que inicie una solicitud dentro de su navegador. • https://advisory.splunk.com/advisories/SVD-2024-0706 https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36983 – Command Injection using External Lookups
https://notcve.org/view.php?id=CVE-2024-36983
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.109 y 9.1.2308.207, un usuario autenticado podría crear una búsqueda externa que llame a una función interna heredada. El usuario autenticado podría utilizar esta función interna para insertar código en el directorio de instalación de la plataforma Splunk. • https://advisory.splunk.com/advisories/SVD-2024-0703 https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •