CVSS: 7.8EPSS: 87%CPEs: 4EXPL: 9CVE-2024-36991 – Path Traversal on the “/modules/messaging/“ endpoint in Splunk Enterprise on Windows
https://notcve.org/view.php?id=CVE-2024-36991
01 Jul 2024 — In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows. En las versiones de Splunk Enterprise en Windows inferiores a 9.2.2, 9.1.5 y 9.0.10, un atacante podría realizar un path traversal en el endpoint /modules/messaging/ en Splunk Enterprise en Windows. Esta vulnerabilidad solo debería afectar a Splunk Enterprise... • https://packetstorm.news/files/id/190154 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •
CVSS: 6.8EPSS: 1%CPEs: 6EXPL: 0CVE-2024-36990 – Denial of Service (DoS) on the datamodel/web REST endpoint
https://notcve.org/view.php?id=CVE-2024-36990
01 Jul 2024 — In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST request to the datamodel/web REST endpoint in Splunk Enterprise, potentially causing a denial of service. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.2.2403.100, un usuario auten... • https://advisory.splunk.com/advisories/SVD-2024-0710 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.0EPSS: 6%CPEs: 3EXPL: 0CVE-2024-36985 – Remote Code Execution (RCE) through an external lookup due to “copybuckets.py“ script in the “splunk_archiver“ application in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2024-36985
01 Jul 2024 — In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, a low-privileged user that does not hold the admin or power Splunk roles could cause a Remote Code Execution through an external lookup that references the “splunk_archiver“ application. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10, un usuario con pocos privilegios que no tenga los roles de administrador o poder de Splunk podría provocar una ejecución remota de código a través de una búsqueda externa que haga referenci... • https://advisory.splunk.com/advisories/SVD-2024-0705 • CWE-253: Incorrect Check of Function Return Value CWE-687: Function Call With Incorrectly Specified Argument Value •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36992 – Persistent Cross-site Scripting (XSS) in Dashboard Elements
https://notcve.org/view.php?id=CVE-2024-36992
01 Jul 2024 — In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user. The “url” parameter of the Dashboard element does not have proper input validation to reject invalid URLs, which could lead to a Persistent Cross-site Scripting (XSS) exp... • https://advisory.splunk.com/advisories/SVD-2024-0712 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 3%CPEs: 3EXPL: 0CVE-2024-36984 – Remote Code Execution through Serialized Session Payload in Splunk Enterprise on Windows
https://notcve.org/view.php?id=CVE-2024-36984
01 Jul 2024 — In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially crafted query that they could then use to serialize untrusted data. The attacker could use the query to execute arbitrary code. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 en Windows, un usuario autenticado podría ejecutar una consulta especialmente manipulada que luego podría usar para serializar datos que no sean de confianza. El atacante podría utilizar la ... • https://advisory.splunk.com/advisories/SVD-2024-0704 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36986 – Risky command safeguards bypass through Search ID query in Analytics Workspace
https://notcve.org/view.php?id=CVE-2024-36986
01 Jul 2024 — In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics Workspace. The vulnerability requires the authenticated user to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at w... • https://advisory.splunk.com/advisories/SVD-2024-0706 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 1%CPEs: 5EXPL: 0CVE-2024-36983 – Command Injection using External Lookups
https://notcve.org/view.php?id=CVE-2024-36983
01 Jul 2024 — In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las v... • https://advisory.splunk.com/advisories/SVD-2024-0703 • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36996 – Information Disclosure of user names
https://notcve.org/view.php?id=CVE-2024-36996
01 Jul 2024 — In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) au... • https://advisory.splunk.com/advisories/SVD-2024-0716 • CWE-204: Observable Response Discrepancy •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36994 – Persistent Cross-site Scripting (XSS) in Dashboard Elements
https://notcve.org/view.php?id=CVE-2024-36994
01 Jul 2024 — In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View and Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.231... • https://advisory.splunk.com/advisories/SVD-2024-0714 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36989 – Low-privileged user could create notifications in Splunk Web Bulletin Messages
https://notcve.org/view.php?id=CVE-2024-36989
01 Jul 2024 — In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance receive. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.200, un usuario con pocos privilegios que no tenga las funciones de administrador o p... • https://advisory.splunk.com/advisories/SVD-2024-0709 • CWE-284: Improper Access Control •