3 matches found
Splunk Enterprise 8.1 < 8.1.13, 8.2.0 < 8.2.10, 9.0.0 < 9.0.4 (SVD-2023-0206)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0206 advisory. - In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the searchlistener' parameter in a search allows for a blind...
CVE-2023-22936
The CVE-2023-22936 issue affects Splunk Enterprise: versions prior to 8.1.13, 8.2.10, and 9.0.4 are vulnerable via the search_listener parameter in a search, enabling a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot observe the response unle...
CVE-2023-22936 Authenticated Blind Server Side Request Forgery via the ‘search_listener’ Search Parameter in Splunk Enterprise
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘searchlistener’ parameter in a search allows for a blind server-side request forgery SSRF by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within t...