CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36989 – Low-privileged user could create notifications in Splunk Web Bulletin Messages
https://notcve.org/view.php?id=CVE-2024-36989
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance receive. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.200, un usuario con pocos privilegios que no tenga las funciones de administrador o poder de Splunk podría crear notificaciones en los mensajes del boletín web de Splunk. que reciben todos los usuarios de la instancia. • https://advisory.splunk.com/advisories/SVD-2024-0709 https://research.splunk.com/application/4b7f368f-4322-47f8-8363-2c466f0b7030 • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36987 – Insecure File Upload in the indexing/preview REST endpoint
https://notcve.org/view.php?id=CVE-2024-36987
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk roles could upload a file with an arbitrary extension using the indexing/preview REST endpoint. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.200, un usuario autenticado y con pocos privilegios que no tenga las funciones de administrador o poder de Splunk podría cargar un archivo con una extensión arbitraria utilizando el endpoint REST de indexación/vista previa. • https://advisory.splunk.com/advisories/SVD-2024-0707 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40597 – Absolute Path Traversal in Splunk Enterprise Using runshellscript.py
https://notcve.org/view.php?id=CVE-2023-40597
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk. • https://advisory.splunk.com/advisories/SVD-2023-0806 https://research.splunk.com/application/356bd3fe-f59b-4f64-baa1-51495411b7ad • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-36: Absolute Path Traversal •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40593 – Denial of Service (DoS) in Splunk Enterprise Using a Malformed SAML Request
https://notcve.org/view.php?id=CVE-2023-40593
In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon. • https://advisory.splunk.com/advisories/SVD-2023-0802 https://research.splunk.com/application/8e8a86d5-f323-4567-95be-8e817e2baee6 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40594 – Denial of Service (DoS) via the ‘printf’ Search Function
https://notcve.org/view.php?id=CVE-2023-40594
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance. • https://advisory.splunk.com/advisories/SVD-2023-0803 https://research.splunk.com/application/78b48d08-075c-4eac-bd07-e364c3780867 • CWE-400: Uncontrolled Resource Consumption •