Lucene search
K

20788 matches found

Cvelist
Cvelist
added 2024/10/14 5:3 p.m.24 views

CVE-2024-45734 Low Privilege User can View Images on the Host Machine by using the PDF Export feature in Splunk Classic Dashboard

In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboards. The images on the machine could be exposed...

4.3CVSS0.00349EPSS
Exploits0References2
CVE
CVE
added 2024/10/14 5:3 p.m.82 views

CVE-2024-45740

CVE-2024-45740 affects Splunk Enterprise <9.2.3/9.1.6 and Splunk Cloud Platform

5.4CVSS5.6AI score0.00355EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2024/10/14 5:3 p.m.12 views

CVE-2024-45740 Persistent Cross-Site Scripting (XSS) through Scheduled Views on Splunk Enterprise

In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript cod...

5.4CVSS7.3AI score0.00355EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/14 5:3 p.m.29 views

CVE-2024-45740 Persistent Cross-Site Scripting (XSS) through Scheduled Views on Splunk Enterprise

In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript cod...

5.4CVSS0.00355EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/14 4:46 p.m.29 views

CVE-2024-45731 Potential Remote Command Execution (RCE) through arbitrary file write to Windows system root directory when Splunk Enterprise for Windows is installed on a separate disk

In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for...

8CVSS0.00535EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/14 4:46 p.m.10 views

CVE-2024-45731 Potential Remote Command Execution (RCE) through arbitrary file write to Windows system root directory when Splunk Enterprise for Windows is installed on a separate disk

In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for...

8CVSS7.2AI score0.00535EPSS
Exploits0References2
CVE
CVE
added 2024/10/14 4:46 p.m.92 views

CVE-2024-45731

Summary: CVE-2024-45731 affects Splunk Enterprise for Windows prior to 9.3.1, 9.2.3, and 9.1.6. A low-privileged user (not admin/power roles) could write a file to the Windows system root (default System32 location) when Splunk is installed on a separate drive. Root cause / impact: arbitrary file...

8CVSS7.8AI score0.00535EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/14 4:45 p.m.20 views

CVE-2024-45735 Improper Access Control for low-privileged user in Splunk Secure Gateway App

In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value Store KV Store deployment configuration an...

4.3CVSS7.1AI score0.00349EPSS
Exploits0References2
CVE
CVE
added 2024/10/14 4:45 p.m.67 views

CVE-2024-45735

Summary (CVE-2024-45735) : Splunk Enterprise versions before 9.2.3 and 9.1.6, and Splunk Secure Gateway on Splunk Cloud Platform versions before 3.4.259, 3.6.17, or 3.7.0 allow a low-privileged user (not admin/power) to view App Key Value Store (KV Store) deployment configuration and public/priva...

4.3CVSS4.5AI score0.00349EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2024/10/14 4:45 p.m.25 views

CVE-2024-45735 Improper Access Control for low-privileged user in Splunk Secure Gateway App

In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value Store KV Store deployment configuration an...

4.3CVSS0.00349EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/14 12:0 a.m.5 views

Splunk Enterprise 安全漏洞

Splunk Enterprise is a suite of data collection and analytics software from Splunk, Inc. in the United States. A security vulnerability exists in Splunk Enterprise versions 9.3.x prior to 9.3.1, 9.2.x prior to 9.2.3, and 9.1.x prior to 9.1.6, which stems from the possibility of exposing sensitive...

4.9CVSS6.6AI score0.00488EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/10/14 12:0 a.m.5 views

PT-2024-7166 · Splunk · Splunk Cloud Platform +2

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.2.3 and 9.1.6 Splunk Cloud Platform versions prior to 9.2.2403.108 and 9.1.2312.205 Description: A low-privileged user without the "admin" or "power" Splunk roles could create a malicious payload through ...

5.5CVSS6AI score0.12945EPSS
Exploits0References10
CNNVD
CNNVD
added 2024/10/14 12:0 a.m.5 views

Splunk Enterprise 安全漏洞

Splunk Enterprise is a suite of data collection and analytics software from Splunk, Inc. in the United States. A security vulnerability exists in Splunk Enterprise versions 9.2.x prior to 9.2.3 and 9.1.x prior to 9.1.6, which stems from a low-privileged user being able to view an image on a...

4.3CVSS6.6AI score0.00349EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/10/14 12:0 a.m.2 views

Splunk Enterprise和Splunk Cloud Platform 安全漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. A security vulnerability exists in Splunk...

7.1CVSS6.6AI score0.00397EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/10/14 12:0 a.m.3 views

Splunk Enterprise 安全漏洞

Splunk Enterprise is a suite of data collection and analytics software from Splunk, Inc. in the United States. A security vulnerability exists in Splunk Enterprise versions 9.2.x prior to 9.2.3 and 9.1.x prior to 9.1.6, which stems from an insecure session store configuration that could allow a...

8.8CVSS7AI score0.01092EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/10/14 12:0 a.m.4 views

Splunk Cloud Platform和Splunk Enterprise 安全漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. A security vulnerability exists in Splunk...

5.4CVSS6.8AI score0.00355EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/10/14 12:0 a.m.3 views

Splunk Enterprise和Splunk Cloud Platform 安全漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. A security vulnerability exists in Splunk...

6.5CVSS6.6AI score0.00541EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/10/14 12:0 a.m.7 views

PT-2024-7156 · Splunk · Splunk Cloud Platform +1

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.3.1 Splunk Enterprise version 9.2.0 through 9.2.3 Splunk Cloud Platform versions prior to 9.2.2403.103 Splunk Cloud Platform versions 9.1.2312.200 through 9.1.2312.110 Splunk Cloud Platform version...

7.5CVSS7.2AI score0.00397EPSS
Exploits0References14
CNNVD
CNNVD
added 2024/10/14 12:0 a.m.17 views

Splunk Enterprise和Splunk Cloud Platform 安全漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. A security vulnerability exists in Splunk...

5.4CVSS7AI score0.12945EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/10/14 12:0 a.m.7 views

PT-2024-7417 · Splunk · Splunk Cloud Platform +1

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.3.1 Splunk Enterprise versions prior to 9.2.3 Splunk Enterprise versions prior to 9.1.6 Splunk Cloud Platform versions prior to 9.2.2403.107 Splunk Cloud Platform versions prior to 9.1.2312.204 Splunk Clo...

6.8CVSS6.8AI score0.00541EPSS
Exploits0References11
Rows per page
Query Builder