CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36987 – Insecure File Upload in the indexing/preview REST endpoint
https://notcve.org/view.php?id=CVE-2024-36987
01 Jul 2024 — In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk roles could upload a file with an arbitrary extension using the indexing/preview REST endpoint. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.200, un usuario autenticado y con pocos privilegios que no tenga las funciones ... • https://advisory.splunk.com/advisories/SVD-2024-0707 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-29945 – Splunk Authentication Token Exposure in Debug Log in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2024-29945
27 Mar 2024 — In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure happens when either Splunk Enterprise runs in debug mode or the JsonWebToken component has been configured to log its activity at the DEBUG logging level. En las versiones de Splunk Enterprise inferiores a 9.2.1, 9.1.4 y 9.0.9, el software potencialmente expone tokens de autenticación durante el proceso de validación del token. Esta exposición... • https://advisory.splunk.com/advisories/SVD-2024-0301 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-29946 – Risky command safeguards bypass in Dashboard Examples Hub
https://notcve.org/view.php?id=CVE-2024-29946
27 Mar 2024 — In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser. En las versiones de Splunk Enterprise inferiores a 9.2.1, 9.1.4 y 9.0.9, el Centro de ejemplos de paneles de la aplicación Splunk Dashboard Studio carece de protección para c... • https://advisory.splunk.com/advisories/SVD-2024-0302 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46230 – Sensitive Information Disclosure to Internal Log Files in Splunk Add-on Builder
https://notcve.org/view.php?id=CVE-2023-46230
30 Jan 2024 — In Splunk Add-on Builder versions below 4.1.4, the app writes sensitive information to internal log files. En las versiones de Splunk Add-on Builder inferiores a 4.1.4, la aplicación escribe información confidencial en archivos de registro internos. • https://advisory.splunk.com/advisories/SVD-2024-0111 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46231 – Session Token Disclosure to Internal Log Files in Splunk Add-on Builder
https://notcve.org/view.php?id=CVE-2023-46231
30 Jan 2024 — In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on. En las versiones de Splunk Add-on Builder inferiores a 4.1.4, la aplicación escribe tokens de sesión de usuario en sus archivos de registro internos cuando visita Splunk Add-on Builder o cuando crea o edita una aplicación o complemento personalizado. • https://advisory.splunk.com/advisories/SVD-2024-0110 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23678 – Deserialization of Untrusted Data on Splunk Enterprise for Windows through Path Traversal from Separate Disk Partition
https://notcve.org/view.php?id=CVE-2024-23678
22 Jan 2024 — In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability only affects Splunk Enterprise for Windows. En las versiones de Splunk Enterprise para Windows inferiores a 9.0.8 y 9.1.3, Splunk Enterprise no sanitiza correctamente los datos de entrada de ruta. Esto da como resultado la deserialización insegura de datos ... • https://advisory.splunk.com/advisories/SVD-2024-0108 • CWE-20: Improper Input Validation •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2024-23676 – Sensitive Information Disclosure of Index Metrics through “mrollup” SPL Command
https://notcve.org/view.php?id=CVE-2024-23676
22 Jan 2024 — In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit. En las versiones de Splunk inferiores a 9.0.8 y 9.1.3, el comando SPL “mrollup” permite a un usuario con pocos privilegios ver métricas en un índice para el que no tiene permiso. Esta vulnerabilidad requiere la interacción de un usuario con altos privilegios para p... • https://advisory.splunk.com/advisories/SVD-2024-0106 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23677 – Server Response Disclosure in RapidDiag Salesforce.com Log File
https://notcve.org/view.php?id=CVE-2024-23677
22 Jan 2024 — In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file. En las versiones de Splunk Enterprise inferiores a 9.0.8, la utilidad Splunk RapidDiag revela las respuestas del servidor de aplicaciones externas en un archivo de registro. • https://advisory.splunk.com/advisories/SVD-2024-0107 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-23675 – Splunk App Key Value Store (KV Store) Improper Handling of Permissions Leads to KV Store Collection Deletion
https://notcve.org/view.php?id=CVE-2024-23675
22 Jan 2024 — In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections. En las versiones de Splunk Enterprise inferiores a 9.0.8 y 9.1.3, el almacén de valores clave de la aplicación Splunk (KV Store) maneja incorrectamente los permisos para los usuarios que usan la interfaz de programación de aplicaciones (API) REST. Pote... • https://advisory.splunk.com/advisories/SVD-2024-0105 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22164 – Denial of Service of an Investigation in Splunk Enterprise Security through Investigation attachments
https://notcve.org/view.php?id=CVE-2024-22164
09 Jan 2024 — In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible. En las versiones de Splunk Enterprise Security (ES) inferiores a 7.1.2, un atacante puede utilizar archivos adjuntos de investigación para realizar una denegación de servicio (DoS) a la investigación. El end... • https://advisory.splunk.com/advisories/SVD-2024-0101 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •