CVE-2023-22934 – SPL Command Safeguards Bypass via the ‘pivot’ SPL Command in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22934
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user to initiate a request within their browser. • https://advisory.splunk.com/advisories/SVD-2023-0204 https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd • CWE-20: Improper Input Validation CWE-108: Struts: Unvalidated Action Form •
CVE-2023-22940 – SPL Command Safeguards Bypass via the ‘collect’ SPL Command Aliases in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22940
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances with Splunk Web enabled. • https://advisory.splunk.com/advisories/SVD-2023-0210 https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd • CWE-20: Improper Input Validation •
CVE-2022-43572 – Indexing blockage via malformed data sent through S2S or HEC protocols in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43572
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing. En las versiones de Splunk Enterprise inferiores a 8.2.9, 8.1.12 y 9.0.2, el envío de un archivo con formato incorrecto a través de los protocolos Splunk-to-Splunk (S2S) o HTTP Event Collector (HEC) a un indexador provoca un bloqueo o denegación fuera de servicio evitando una mayor indexación. • https://www.splunk.com/en_us/product-security/announcements/svd-2022-1111.html • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-400: Uncontrolled Resource Consumption •
CVE-2022-43570 – XML External Entity Injection through a custom View in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43570
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error. En las versiones de Splunk Enterprise inferiores a 8.1.12, 8.2.9 y 9.0.2, un usuario autenticado puede realizar una inyección de entidad externa (XXE) en lenguaje de marcado extensible (XML) a través de una Vista personalizada. La inyección XXE hace que Splunk Web incruste documentos incorrectos en un error. • https://www.splunk.com/en_us/product-security/announcements/svd-2022-1110.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2022-43569 – Persistent Cross-Site Scripting via a Data Model object name in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43569
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model. En las versiones de Splunk Enterprise inferiores a 8.1.12, 8.2.9 y 9.0.2, un usuario autenticado puede inyectar y almacenar secuencias de comandos arbitrarias que pueden generar Cross-Site Scripting (XSS) persistentes en el nombre del objeto de un Modelo de Datos. • https://research.splunk.com/application/062bff76-5f9c-496e-a386-cb1adcf69871 https://www.splunk.com/en_us/product-security/announcements/svd-2022-1109.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •