
CVE-2024-45740 – Persistent Cross-Site Scripting (XSS) through Scheduled Views on Splunk Enterprise
https://notcve.org/view.php?id=CVE-2024-45740
14 Oct 2024 — In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript code in the browser of a user. • https://advisory.splunk.com/advisories/SVD-2024-1010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-45731 – Potential Remote Command Execution (RCE) through arbitrary file write to Windows system root directory when Splunk Enterprise for Windows is installed on a separate disk
https://notcve.org/view.php?id=CVE-2024-45731
14 Oct 2024 — In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for Windows is installed on a separate drive. • https://advisory.splunk.com/advisories/SVD-2024-1001 • CWE-23: Relative Path Traversal •

CVE-2024-45735 – Improper Access Control for low-privileged user in Splunk Secure Gateway App
https://notcve.org/view.php?id=CVE-2024-45735
14 Oct 2024 — In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway App. • https://advisory.splunk.com/advisories/SVD-2024-1005 • CWE-284: Improper Access Control •

CVE-2024-36997 – Persistent Cross-site Scripting (XSS) in conf-web/settings REST endpoint
https://notcve.org/view.php?id=CVE-2024-36997
01 Jul 2024 — In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit. • https://advisory.splunk.com/advisories/SVD-2024-0717 • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-36993 – Persistent Cross-site Scripting (XSS) in Web Bulletin
https://notcve.org/view.php?id=CVE-2024-36993
01 Jul 2024 — In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user. • https://advisory.splunk.com/advisories/SVD-2024-0713 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-36995 – Low-privileged user could create experimental items
https://notcve.org/view.php?id=CVE-2024-36995
01 Jul 2024 — In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items. • https://advisory.splunk.com/advisories/SVD-2024-0715 • CWE-862: Missing Authorization •

CVE-2024-36982 – Denial of Service through null pointer reference in “cluster/config” REST endpoint
https://notcve.org/view.php?id=CVE-2024-36982
01 Jul 2024 — In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an attacker could trigger a null pointer reference on the cluster/config REST endpoint, which could result in a crash of the Splunk daemon. • https://advisory.splunk.com/advisories/SVD-2024-0702 • CWE-476: NULL Pointer Dereference •

CVE-2024-36990 – Denial of Service (DoS) on the datamodel/web REST endpoint
https://notcve.org/view.php?id=CVE-2024-36990
01 Jul 2024 — In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST request to the datamodel/web REST endpoint in Splunk Enterprise, potentially causing a denial of service. • https://advisory.splunk.com/advisories/SVD-2024-0710 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVE-2024-36985 – Remote Code Execution (RCE) through an external lookup due to “copybuckets.py” script in the “splunk_archiver” application in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2024-36985
01 Jul 2024 — In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, a low-privileged user that does not hold the admin or power Splunk roles could cause a Remote Code Execution through an external lookup that references the “splunk_archiver” application. • https://advisory.splunk.com/advisories/SVD-2024-0705 • CWE-253: Incorrect Check of Function Return Value • CWE-687: Function Call With Incorrectly Specified Argument Value •

CVE-2024-36992 – Persistent Cross-site Scripting (XSS) in Dashboard Elements
https://notcve.org/view.php?id=CVE-2024-36992
01 Jul 2024 — In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user. The “url” parameter of the Dashboard element does not have proper input validation to reject invalid URLs, which could lead to a Persistent Cross-site Scripting (XSS) exp... • https://advisory.splunk.com/advisories/SVD-2024-0712 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •