CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22165 – Denial of Service in Splunk Enterprise Security of the Investigations manager through Investigation creation
https://notcve.org/view.php?id=CVE-2024-22165
09 Jan 2024 — In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.
The vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most user... • https://advisory.splunk.com/advisories/SVD-2024-0102 • CWE-20: Improper Input Validation •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-46213 – Cross-site Scripting (XSS) on “Show Syntax Highlighted” View in Search Page
https://notcve.org/view.php?id=CVE-2023-46213
16 Nov 2023 — In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser. En las versiones de Splunk Enterprise inferiores a 9.0.7 y 9.1.2, el escape ineficaz en la función "Mostrar sintaxis resaltada" puede resultar en la ejecución de código no autorizado en el navegador web de un usuario. • https://advisory.splunk.com/advisories/SVD-2023-1103 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 86%CPEs: 3EXPL: 1CVE-2023-46214 – Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing
https://notcve.org/view.php?id=CVE-2023-46214
16 Nov 2023 — In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance. En las versiones de Splunk Enterprise inferiores a 9.0.7 y 9.1.2, Splunk Enterprise no sanitiza de forma segura las transformaciones de lenguaje de hojas de estilo extensibles (XSLT) que proporcionan los usuarios... • https://packetstorm.news/files/id/176154 • CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40597 – Absolute Path Traversal in Splunk Enterprise Using runshellscript.py
https://notcve.org/view.php?id=CVE-2023-40597
30 Aug 2023 — In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk. • https://advisory.splunk.com/advisories/SVD-2023-0806 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-36: Absolute Path Traversal •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40596 – Splunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definition Reference in DLL
https://notcve.org/view.php?id=CVE-2023-40596
30 Aug 2023 — In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine. • https://advisory.splunk.com/advisories/SVD-2023-0805 • CWE-427: Uncontrolled Search Path Element CWE-665: Improper Initialization •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40593 – Denial of Service (DoS) in Splunk Enterprise Using a Malformed SAML Request
https://notcve.org/view.php?id=CVE-2023-40593
30 Aug 2023 — In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon. • https://advisory.splunk.com/advisories/SVD-2023-0802 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40594 – Denial of Service (DoS) via the ‘printf’ Search Function
https://notcve.org/view.php?id=CVE-2023-40594
30 Aug 2023 — In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance. • https://advisory.splunk.com/advisories/SVD-2023-0803 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.6EPSS: 0%CPEs: 3EXPL: 0CVE-2023-4571 – Unauthenticated Log Injection in Splunk IT Service Intelligence (ITSI)
https://notcve.org/view.php?id=CVE-2023-4571
30 Aug 2023 — In Splunk IT Service Intelligence (ITSI) versions below below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additio... • https://advisory.splunk.com/advisories/SVD-2023-0810 • CWE-116: Improper Encoding or Escaping of Output CWE-117: Improper Output Neutralization for Logs •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40592 – Reflected Cross-site Scripting (XSS) on "/app/search/table" web endpoint
https://notcve.org/view.php?id=CVE-2023-40592
30 Aug 2023 — In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance. • https://advisory.splunk.com/advisories/SVD-2023-0801 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 1%CPEs: 4EXPL: 0CVE-2023-40595 – Remote Code Execution via Serialized Session Payload
https://notcve.org/view.php?id=CVE-2023-40595
30 Aug 2023 — In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code. • https://advisory.splunk.com/advisories/SVD-2023-0804 • CWE-502: Deserialization of Untrusted Data •