Lucene search
K

282 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 3:12 a.m.7 views

CVE-2023-23954

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability...

5.4CVSS5.7AI score0.00341EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:39 p.m.7 views

CVE-2021-30648

The Symantec Advanced Secure Gateway ASG and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance...

9.8CVSS7.9AI score0.01447EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/28 10:39 p.m.15 views

CVE-2025-20231

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a search using the permissions of a...

7.1CVSS6.7AI score0.00479EPSS
Exploits0References3
OSV
OSV
added 2025/03/26 11:15 p.m.3 views

CVE-2025-20230

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could edit and delete other user data in App Key Value...

6.5CVSS5.8AI score0.003EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/26 10:24 p.m.7 views

CVE-2025-20230 Missing Access Control and Incorrect Ownership of Data in App Key Value Store (KVStore) collections in the Splunk Secure Gateway App

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could edit and delete other user data in App Key Value...

4.3CVSS4.6AI score0.003EPSS
Exploits0References1
OSV
OSV
added 2025/03/26 10:15 p.m.3 views

CVE-2025-20231

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a search using the permissions of a...

5.7CVSS5.8AI score0.00479EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/03/26 10:15 p.m.3 views

CVE-2025-20231

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a search using the permissions of a...

7.1CVSS5.8AI score0.00479EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2025/03/26 9:45 p.m.8 views

CVE-2025-20231 Sensitive Information Disclosure in Splunk Secure Gateway App

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a search using the permissions of a...

7.1CVSS6.6AI score0.00479EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/26 9:45 p.m.21 views

CVE-2025-20231 Sensitive Information Disclosure in Splunk Secure Gateway App

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a search using the permissions of a...

7.1CVSS0.00479EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/02/24 12:0 a.m.6 views

The vulnerability of the implementation of the Simple Network Management Protocol (SNMP) in Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the implementation of the Simple Network Management Protocol SNMP for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance lies in the insufficient protection of operational data. Exploiting this vulnerability can allow a malicious...

4.3CVSS5.5AI score0.00331EPSS
Exploits0References2Affected Software3
NVD
NVD
added 2025/01/20 6:15 p.m.12 views

CVE-2025-23214

Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. By monitoring the error code returned in the login, it is possible to figure out whether a user exist or not in the database. Patched in 0.17.7...

6.9CVSS0.00608EPSS
Exploits0References2
CVE
CVE
added 2025/01/20 6:9 p.m.58 views

CVE-2025-23214

Summary: Cosmos-Server before version 0.17.7 exposes a user-enumeration vulnerability during login, allowing an attacker to determine if a username exists in the database due to error code behavior. This has been addressed in version 0.17.7. Affected software: Cosmos-Server (pre-0.17.7). Root cau...

6.9CVSS7AI score0.00608EPSS
Exploits0References2
OSV
OSV
added 2025/01/20 6:9 p.m.7 views

CVE-2025-23214 Cosmos userbase checking vulnerability

Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. By monitoring the error code returned in the login, it is possible to figure out whether a user exist or not in the database. Patched in 0.17.7...

6.9CVSS7AI score0.00608EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2024/12/27 12:0 a.m.8 views

The vulnerability of the registration method for mobile devices and the deployment of mobile applications via Splunk Secure Gateway, a platform for operational analysis in Splunk Enterprise, stems from insufficient protection of sensitive data. This vulnerability allows attackers to gain unauthorized access to protected information.

The vulnerability of the mobile device registration and mobile application deployment mechanism of Splunk Secure Gateway, a platform for operational analytics in Splunk Enterprise, is related to insufficient protection of sensitive data due to improper access control to the KV Store Key Value...

4.3CVSS5.5AI score0.00286EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/12/12 12:0 a.m.6 views

The vulnerability of the mobile device registration and mobile application deployment mechanism of Splunk Secure Gateway, a platform for operational analytics in Splunk Enterprise, arises from deficiencies in the deserialization mechanism. This allows attackers to execute arbitrary code.

The vulnerability of the mobile device registration and mobile application deployment mechanism of Splunk Secure Gateway, a platform for operational analytics in Splunk Enterprise, is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to...

9CVSS6AI score0.01084EPSS
Exploits0References3Affected Software2
NCSC
NCSC
added 2024/12/11 8:53 a.m.15 views

Vulnerability fixed in Splunk Enterprise

Splunk has fixed a vulnerability in Splunk Enterprise and Splunk Secure Gateway. The vulnerability is in specific versions of Splunk Enterprise and Splunk Secure Gateway, allowing low-privileged users to remotely execute code without needing admin rights. Splunk has released updates to fix the...

8.8CVSS7.2AI score0.01084EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/10 6:0 p.m.32 views

CVE-2024-53243 Information Disclosure in Mobile Alert Responses in Splunk Secure Gateway

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could see alert search query responses using Splunk...

4.3CVSS0.00286EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/10 6:0 p.m.9 views

CVE-2024-53243 Information Disclosure in Mobile Alert Responses in Splunk Secure Gateway

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could see alert search query responses using Splunk...

4.3CVSS7.1AI score0.00286EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/10 6:0 p.m.18 views

CVE-2024-53247 Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway app

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.4.261 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could perform a Remote Code Execution RCE...

8.8CVSS9AI score0.01084EPSS
Exploits0References1
CVE
CVE
added 2024/12/10 6:0 p.m.128 views

CVE-2024-53247

CVE-2024-53247 affects Splunk Enterprise and the Splunk Secure Gateway app on Splunk Cloud Platform. It enables a low-privileged user (not admin/power) to achieve Remote Code Execution via deserialization issues, with root cause tied to jsonpickle handling in the affected components. Affected ver...

8.8CVSS9AI score0.01084EPSS
Exploits0References1
Rows per page
Query Builder