14 results (0.031 seconds)

CVSS: 7.5EPSS: 10%CPEs: 4EXPL: 5

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows. En las versiones de Splunk Enterprise en Windows inferiores a 9.2.2, 9.1.5 y 9.0.10, un atacante podría realizar un path traversal en el endpoint /modules/messaging/ en Splunk Enterprise en Windows. Esta vulnerabilidad solo debería afectar a Splunk Enterprise en Windows. • https://github.com/bigb0x/CVE-2024-36991 https://github.com/Mr-xn/CVE-2024-36991 https://github.com/th3gokul/CVE-2024-36991 https://github.com/Cappricio-Securities/CVE-2024-36991 https://github.com/sardine-web/CVE-2024-36991 https://advisory.splunk.com/advisories/SVD-2024-0711 https://research.splunk.com/application/e7c2b064-524e-4d65-8002-efce808567aa • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0

In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure happens when either Splunk Enterprise runs in debug mode or the JsonWebToken component has been configured to log its activity at the DEBUG logging level. En las versiones de Splunk Enterprise inferiores a 9.2.1, 9.1.4 y 9.0.9, el software potencialmente expone tokens de autenticación durante el proceso de validación del token. Esta exposición ocurre cuando Splunk Enterprise se ejecuta en modo de depuración o el componente JsonWebToken se ha configurado para registrar su actividad en el nivel de registro DEBUG. • https://advisory.splunk.com/advisories/SVD-2024-0301 https://research.splunk.com/application/9a67e749-d291-40dd-8376-d422e7ecf8b5 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0

In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser. En las versiones de Splunk Enterprise inferiores a 9.2.1, 9.1.4 y 9.0.9, el Centro de ejemplos de paneles de la aplicación Splunk Dashboard Studio carece de protección para comandos SPL riesgosos. Esto podría permitir a los atacantes eludir las salvaguardas de SPL para comandos riesgosos en el Hub. • https://advisory.splunk.com/advisories/SVD-2024-0302 https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability only affects Splunk Enterprise for Windows. En las versiones de Splunk Enterprise para Windows inferiores a 9.0.8 y 9.1.3, Splunk Enterprise no sanitiza correctamente los datos de entrada de ruta. Esto da como resultado la deserialización insegura de datos que no son de confianza desde una partición de disco separada en la máquina. • https://advisory.splunk.com/advisories/SVD-2024-0108 https://research.splunk.com/application/947d4d2e-1b64-41fc-b32a-736ddb88ce97 • CWE-20: Improper Input Validation •

CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0

In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit. En las versiones de Splunk inferiores a 9.0.8 y 9.1.3, el comando SPL “mrollup” permite a un usuario con pocos privilegios ver métricas en un índice para el que no tiene permiso. Esta vulnerabilidad requiere la interacción de un usuario con altos privilegios para poder explotarla. • https://advisory.splunk.com/advisories/SVD-2024-0106 https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd • CWE-20: Improper Input Validation •