282 matches found
CVE-2023-23954
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability...
CVE-2021-30648
The Symantec Advanced Secure Gateway ASG and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance...
CVE-2025-20231
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a search using the permissions of a...
CVE-2025-20230
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could edit and delete other user data in App Key Value...
CVE-2025-20230 Missing Access Control and Incorrect Ownership of Data in App Key Value Store (KVStore) collections in the Splunk Secure Gateway App
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could edit and delete other user data in App Key Value...
CVE-2025-20231
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a search using the permissions of a...
CVE-2025-20231
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a search using the permissions of a...
CVE-2025-20231 Sensitive Information Disclosure in Splunk Secure Gateway App
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a search using the permissions of a...
CVE-2025-20231 Sensitive Information Disclosure in Splunk Secure Gateway App
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a search using the permissions of a...
The vulnerability of the implementation of the Simple Network Management Protocol (SNMP) in Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the implementation of the Simple Network Management Protocol SNMP for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance lies in the insufficient protection of operational data. Exploiting this vulnerability can allow a malicious...
CVE-2025-23214
Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. By monitoring the error code returned in the login, it is possible to figure out whether a user exist or not in the database. Patched in 0.17.7...
CVE-2025-23214
Summary: Cosmos-Server before version 0.17.7 exposes a user-enumeration vulnerability during login, allowing an attacker to determine if a username exists in the database due to error code behavior. This has been addressed in version 0.17.7. Affected software: Cosmos-Server (pre-0.17.7). Root cau...
CVE-2025-23214 Cosmos userbase checking vulnerability
Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. By monitoring the error code returned in the login, it is possible to figure out whether a user exist or not in the database. Patched in 0.17.7...
The vulnerability of the registration method for mobile devices and the deployment of mobile applications via Splunk Secure Gateway, a platform for operational analysis in Splunk Enterprise, stems from insufficient protection of sensitive data. This vulnerability allows attackers to gain unauthorized access to protected information.
The vulnerability of the mobile device registration and mobile application deployment mechanism of Splunk Secure Gateway, a platform for operational analytics in Splunk Enterprise, is related to insufficient protection of sensitive data due to improper access control to the KV Store Key Value...
The vulnerability of the mobile device registration and mobile application deployment mechanism of Splunk Secure Gateway, a platform for operational analytics in Splunk Enterprise, arises from deficiencies in the deserialization mechanism. This allows attackers to execute arbitrary code.
The vulnerability of the mobile device registration and mobile application deployment mechanism of Splunk Secure Gateway, a platform for operational analytics in Splunk Enterprise, is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to...
Vulnerability fixed in Splunk Enterprise
Splunk has fixed a vulnerability in Splunk Enterprise and Splunk Secure Gateway. The vulnerability is in specific versions of Splunk Enterprise and Splunk Secure Gateway, allowing low-privileged users to remotely execute code without needing admin rights. Splunk has released updates to fix the...
CVE-2024-53243 Information Disclosure in Mobile Alert Responses in Splunk Secure Gateway
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could see alert search query responses using Splunk...
CVE-2024-53243 Information Disclosure in Mobile Alert Responses in Splunk Secure Gateway
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could see alert search query responses using Splunk...
CVE-2024-53247 Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway app
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.4.261 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could perform a Remote Code Execution RCE...
CVE-2024-53247
CVE-2024-53247 affects Splunk Enterprise and the Splunk Secure Gateway app on Splunk Cloud Platform. It enables a low-privileged user (not admin/power) to achieve Remote Code Execution via deserialization issues, with root cause tied to jsonpickle handling in the affected components. Affected ver...