Lucene search
K

133 matches found

BDU FSTEC
BDU FSTEC
added 2024/07/15 12:0 a.m.5 views

The vulnerability of the Analytics Workspace web interface module in the Splunk Web platform for operational analysis in Splunk Enterprise allows a hacker to bypass security restrictions and execute arbitrary commands.

The vulnerability of the Analytics Workspace web interface in the Splunk Web platform for operational analysis in Splunk Enterprise is related to insufficient protection of sensitive data. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute arbitrary...

7.5CVSS5.8AI score0.00393EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/07/15 12:0 a.m.5 views

The vulnerability in the Splunk Web interface of the Splunk Enterprise operating analysis platform allows a perpetrator to carry out cross-site scripting attacks.

The vulnerability of the Splunk Web interface of the Splunk Enterprise operating analysis platform is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...

8.1CVSS5.2AI score0.00547EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/07/08 12:0 a.m.5 views

The vulnerability of the Splunk Web platform for operational analysis in Splunk Enterprise allows a hacker to read arbitrary files.

The vulnerability of the Splunk Web platform for operational analysis in Splunk Enterprise relates to an incorrect restriction on the path to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to read arbitrary files remotely...

7.8CVSS7.8AI score0.1311EPSS
Exploits10References4Affected Software1
GithubExploit
GithubExploit
added 2024/07/06 12:49 a.m.720 views

Exploit for Path Traversal in Splunk

CVE-2024-36991 POC for CVE-2024-36991: This exploit will attem...

7.5CVSS7.5AI score0.1311EPSS
Exploits10
NVD
NVD
added 2024/07/01 5:15 p.m.32 views

CVE-2024-36993

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in...

5.4CVSS0.00373EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/07/01 4:54 p.m.26 views

CVE-2024-36993 Persistent Cross-site Scripting (XSS) in Web Bulletin

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in...

5.4CVSS0.00373EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/07/01 12:0 a.m.7 views

PT-2024-27235 · Splunk · Splunk Cloud Platform +1

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.2.2 Splunk Enterprise versions prior to 9.1.5 Splunk Enterprise versions prior to 9.0.10 Splunk Cloud Platform versions prior to 9.1.2312.200 Splunk Cloud Platform versions prior to 9.1.2308.207...

5.4CVSS7.4AI score0.00373EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/05/30 12:0 a.m.5 views

PT-2024-4753 · Splunk · Splunk Cloud Platform +1

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.2.2 Splunk Enterprise versions prior to 9.1.5 Splunk Enterprise versions prior to 9.0.10 Splunk Cloud Platform versions prior to 9.1.2312.200 Description: The issue is related to the Upload Data module in...

6.5CVSS7.1AI score0.00291EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/05/30 12:0 a.m.4 views

PT-2024-4750 · Splunk · Splunk Cloud Platform +1

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.2.2 Splunk Enterprise versions prior to 9.1.5 Splunk Enterprise versions prior to 9.0.10 Splunk Cloud Platform versions prior to 9.1.2312.200 Splunk Cloud Platform versions prior to 9.1.2308.207...

5.5CVSS6.8AI score0.00302EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2024/04/08 12:0 a.m.6 views

The vulnerability in the Splunk Web interface of the Splunk Enterprise operating analysis platform allows a malicious actor to read and write arbitrary files into the system.

The vulnerability of the Splunk Enterprise platform for operational analysis is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to read and write arbitrary files into the system using a specially created HTTP...

8.5CVSS7.6AI score0.42824EPSS
Exploits0References5Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/09/07 12:0 a.m.6 views

The vulnerability in the Splunk Web interface of the Splunk Enterprise operating analysis platform allows a perpetrator to execute arbitrary code.

The vulnerability of the Splunk Web platform for operational analysis in Splunk Enterprise is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted request...

10CVSS8.1AI score0.00816EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/09/07 12:0 a.m.4 views

The vulnerability in the Splunk Web interface of the Splunk Enterprise operating system’s operational analysis platform allows a perpetrator to execute arbitrary code and gain increased privileges.

The vulnerability in the Splunk Web interface of the Splunk Enterprise operating system’s operational analysis platform is related to an incorrect initialization of resources when processing the OPENSSLDIR value. Exploiting this vulnerability allows an attacker to execute arbitrary code and gain...

7CVSS8AI score0.00156EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/09/07 12:0 a.m.6 views

The vulnerability in the Splunk Web interface of the Splunk Enterprise operating analysis platform allows a perpetrator to carry out cross-site scripting attacks.

The vulnerability in the Splunk Web interface of the Splunk Enterprise operational analytics platform is related to the lack of protection for the web page structure during the processing of the final endpoint /app/search/table. Exploiting this vulnerability allows a malicious actor to perform...

8.5CVSS6AI score0.00541EPSS
Exploits0References4Affected Software2
Positive Technologies
Positive Technologies
added 2023/08/16 12:0 a.m.3 views

PT-2023-4797 · Splunk · Splunk Enterprise

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.2.12 Splunk Enterprise versions prior to 9.0.6 Splunk Enterprise versions prior to 9.1.1 Description: The issue is related to a deserialization mechanism flaw in the Splunk Web interface of Splunk...

10CVSS8.3AI score0.00816EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2023/02/16 12:0 a.m.27 views

Splunk Enterprise 8.1 < 8.1.13, 8.2.0 < 8.2.10, 9.0.0 < 9.0.4 (SVD-2023-0210)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0210 advisory. - In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the collect' search processing language SPL command...

6.3CVSS6.1AI score0.00429EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/02/16 12:0 a.m.36 views

Splunk Enterprise 8.1 < 8.1.13, 8.2.0 < 8.2.10, 9.0.0 < 9.0.4 (SVD-2023-0205)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0205 advisory. - In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the display.page.search.patterns.sensitivity' search parameter...

8.8CVSS8AI score0.00613EPSS
Exploits0References2
OSV
OSV
added 2023/02/14 6:15 p.m.4 views

CVE-2023-22940

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language SPL command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the...

5.7CVSS6.2AI score0.00429EPSS
Exploits0References2
OSV
OSV
added 2023/02/14 6:15 p.m.4 views

CVE-2023-22932

In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting XSS through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0...

6.1CVSS6.4AI score0.00398EPSS
Exploits0References2
OSV
OSV
added 2023/02/14 6:15 p.m.5 views

CVE-2023-22935

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects...

8.8CVSS5.8AI score0.00613EPSS
Exploits0References2
Prion
Prion
added 2023/02/14 6:15 p.m.20 views

Design/Logic Flaw

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language SPL command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with...

6.8CVSS8.6AI score0.00587EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder