CVE-2024-22165 – Denial of Service in Splunk Enterprise Security of the Investigations manager through Investigation creation
https://notcve.org/view.php?id=CVE-2024-22165
In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.
The vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users.
• https://advisory.splunk.com/advisories/SVD-2024-0102
• https://research.splunk.com/application/7f6a07bd-82ef-46b8-8eba-802278abd00e
• CWE-20: Improper Input Validation
CVE-2023-46213 – Cross-site Scripting (XSS) on “Show Syntax Highlighted” View in Search Page
https://notcve.org/view.php?id=CVE-2023-46213
In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show Syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser.
• https://advisory.splunk.com/advisories/SVD-2023-1103
• https://research.splunk.com/application/1030bc63-0b37-4ac9-9ae0-9361c955a3cc
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-46214 – Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing
https://notcve.org/view.php?id=CVE-2023-46214
In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.
• https://advisory.splunk.com/advisories/SVD-2023-1104
• https://research.splunk.com/application/6cb7e011-55fb-48e3-a98d-164fa854e37e
• https://research.splunk.com/application/a053e6a6-2146-483a-9798-2d43652f3299
• https://github.com/nathan31337/Splunk-RCE-poc
• https://blog.hrncirik.net/cve-2023-46214-analysis
• CWE-91: XML Injection (aka Blind XPath Injection)
CVE-2023-40597 – Absolute Path Traversal in Splunk Enterprise Using runshellscript.py
https://notcve.org/view.php?id=CVE-2023-40597
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.
• https://advisory.splunk.com/advisories/SVD-2023-0806
• https://research.splunk.com/application/356bd3fe-f59b-4f64-baa1-51495411b7ad
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
• CWE-36: Absolute Path Traversal
CVE-2023-40596 – Splunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definition Reference in DLL
https://notcve.org/view.php?id=CVE-2023-40596
In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine.
• https://advisory.splunk.com/advisories/SVD-2023-0805
• CWE-427: Uncontrolled Search Path Element
• CWE-665: Improper Initialization