Lucene search
+L

4 matches found

Tenable Nessus
Tenable Nessus
added 2023/02/16 12:0 a.m.57 views

Splunk Enterprise 8.1 < 8.1.13, 8.2.0 < 8.2.10, 9.0.0 < 9.0.4 (SVD-2023-0208)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0208 advisory. - In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the sendemail' REST API endpoint lets any authenticated user...

4.3CVSS5.3AI score0.00359EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/02/14 5:24 p.m.8 views

CVE-2023-22938 Permissions Validation Failure in the ‘sendemail’ REST API Endpoint in Splunk Enterprise

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance...

4.3CVSS4.5AI score0.00359EPSS
Exploits0References1
CVE
CVE
added 2023/02/14 5:24 p.m.189 views

CVE-2023-22938

CVE-2023-22938 affects Splunk Enterprise: in versions below 8.1.13, 8.2.10, and 9.0.4, the sendemail REST API endpoint allows any authenticated user to send an email as the Splunk instance. The root cause is improper permission validation on the endpoint, enabling unauthorized mail actions. The v...

4.3CVSS4.5AI score0.00359EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2023/02/14 5:24 p.m.23 views

CVE-2023-22938 Permissions Validation Failure in the ‘sendemail’ REST API Endpoint in Splunk Enterprise

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance...

4.3CVSS4.8AI score0.00359EPSS
Exploits0References1
Rows per page
Query Builder