CVE-2024-45735 – Improper Access Control for low-privileged user in Splunk Secure Gateway App
https://notcve.org/view.php?id=CVE-2024-45735
In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway App. • https://advisory.splunk.com/advisories/SVD-2024-1005 https://research.splunk.com/application/0a3d6035-7bef-4dfa-b01e-84349edac3b4 • CWE-284: Improper Access Control •
CVE-2024-36997 – Persistent Cross-site Scripting (XSS) in conf-web/settings REST endpoint
https://notcve.org/view.php?id=CVE-2024-36997
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312, un usuario administrador podría almacenar y ejecutar código JavaScript arbitrario en el contexto del navegador de otro usuario de Splunk a través de conf-web/settings endpoint REST. Potencialmente, esto podría provocar un exploit de cross-site scripting (XSS) persistente. • https://advisory.splunk.com/advisories/SVD-2024-0717 https://research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5c • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-36993 – Persistent Cross-site Scripting (XSS) in Web Bulletin
https://notcve.org/view.php?id=CVE-2024-36993
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.200 y 9.1.2308.207, un usuario con pocos privilegios que no tenga las funciones de administrador o poder de Splunk podría crear un payload malicioso a través de mensajes de boletín web de Splunk que podría resultar en la ejecución de código JavaScript no autorizado en el navegador de un usuario. • https://advisory.splunk.com/advisories/SVD-2024-0713 https://research.splunk.com/application/fd852b27-1882-4505-9f2c-64dfb96f4fc1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-36995 – Low-privileged user could create experimental items
https://notcve.org/view.php?id=CVE-2024-36995
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.200 y 9.1.2308.207, un usuario con pocos privilegios que no tenga los roles de administrador o poder de Splunk podría crear elementos experimentales. • https://advisory.splunk.com/advisories/SVD-2024-0715 https://research.splunk.com/application/84afda04-0cd6-466b-869e-70d6407d0a34 • CWE-862: Missing Authorization •
CVE-2024-36982 – Denial of Service through null pointer reference in “cluster/config” REST endpoint
https://notcve.org/view.php?id=CVE-2024-36982
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an attacker could trigger a null pointer reference on the cluster/config REST endpoint, which could result in a crash of the Splunk daemon. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.109 y 9.1.2308.207, un atacante podría activar una referencia de puntero nulo en el endpoint REST del clúster/configuración, lo que podría provocar en un accidente del daemon Splunk. • https://advisory.splunk.com/advisories/SVD-2024-0702 • CWE-476: NULL Pointer Dereference •