CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36989 – Low-privileged user could create notifications in Splunk Web Bulletin Messages
https://notcve.org/view.php?id=CVE-2024-36989
01 Jul 2024 — In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance receive. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.200, un usuario con pocos privilegios que no tenga las funciones de administrador o p... • https://advisory.splunk.com/advisories/SVD-2024-0709 • CWE-284: Improper Access Control •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36987 – Insecure File Upload in the indexing/preview REST endpoint
https://notcve.org/view.php?id=CVE-2024-36987
01 Jul 2024 — In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk roles could upload a file with an arbitrary extension using the indexing/preview REST endpoint. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.200, un usuario autenticado y con pocos privilegios que no tenga las funciones ... • https://advisory.splunk.com/advisories/SVD-2024-0707 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2024-23676 – Sensitive Information Disclosure of Index Metrics through “mrollup” SPL Command
https://notcve.org/view.php?id=CVE-2024-23676
22 Jan 2024 — In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit. En las versiones de Splunk inferiores a 9.0.8 y 9.1.3, el comando SPL “mrollup” permite a un usuario con pocos privilegios ver métricas en un índice para el que no tiene permiso. Esta vulnerabilidad requiere la interacción de un usuario con altos privilegios para p... • https://advisory.splunk.com/advisories/SVD-2024-0106 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23677 – Server Response Disclosure in RapidDiag Salesforce.com Log File
https://notcve.org/view.php?id=CVE-2024-23677
22 Jan 2024 — In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file. En las versiones de Splunk Enterprise inferiores a 9.0.8, la utilidad Splunk RapidDiag revela las respuestas del servidor de aplicaciones externas en un archivo de registro. • https://advisory.splunk.com/advisories/SVD-2024-0107 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-23675 – Splunk App Key Value Store (KV Store) Improper Handling of Permissions Leads to KV Store Collection Deletion
https://notcve.org/view.php?id=CVE-2024-23675
22 Jan 2024 — In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections. En las versiones de Splunk Enterprise inferiores a 9.0.8 y 9.1.3, el almacén de valores clave de la aplicación Splunk (KV Store) maneja incorrectamente los permisos para los usuarios que usan la interfaz de programación de aplicaciones (API) REST. Pote... • https://advisory.splunk.com/advisories/SVD-2024-0105 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-46213 – Cross-site Scripting (XSS) on “Show Syntax Highlighted” View in Search Page
https://notcve.org/view.php?id=CVE-2023-46213
16 Nov 2023 — In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser. En las versiones de Splunk Enterprise inferiores a 9.0.7 y 9.1.2, el escape ineficaz en la función "Mostrar sintaxis resaltada" puede resultar en la ejecución de código no autorizado en el navegador web de un usuario. • https://advisory.splunk.com/advisories/SVD-2023-1103 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 88%CPEs: 3EXPL: 1CVE-2023-46214 – Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing
https://notcve.org/view.php?id=CVE-2023-46214
16 Nov 2023 — In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance. En las versiones de Splunk Enterprise inferiores a 9.0.7 y 9.1.2, Splunk Enterprise no sanitiza de forma segura las transformaciones de lenguaje de hojas de estilo extensibles (XSLT) que proporcionan los usuarios... • https://packetstorm.news/files/id/176154 • CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40597 – Absolute Path Traversal in Splunk Enterprise Using runshellscript.py
https://notcve.org/view.php?id=CVE-2023-40597
30 Aug 2023 — In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk. • https://advisory.splunk.com/advisories/SVD-2023-0806 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-36: Absolute Path Traversal •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40593 – Denial of Service (DoS) in Splunk Enterprise Using a Malformed SAML Request
https://notcve.org/view.php?id=CVE-2023-40593
30 Aug 2023 — In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon. • https://advisory.splunk.com/advisories/SVD-2023-0802 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40594 – Denial of Service (DoS) via the ‘printf’ Search Function
https://notcve.org/view.php?id=CVE-2023-40594
30 Aug 2023 — In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance. • https://advisory.splunk.com/advisories/SVD-2023-0803 • CWE-400: Uncontrolled Resource Consumption •