45 matches found
Splunk Enterprise 8.1 < 8.1.13, 8.2.0 < 8.2.10, 9.0.0 < 9.0.4 (SVD-2023-0212)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0212 advisory. - In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway SSG...
CVE-2023-22942
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway SSG app in the ‘kvstoreclient’ REST endpoint lets a potential attacker update SSG KV store collections using an HTTP GET request...
PT-2023-18786 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.13 Splunk Enterprise versions prior to 8.2.10 Splunk Enterprise versions prior to 9.0.4 Description: A cross-site request forgery in the Splunk Secure Gateway SSG app in the 'kvstore client' REST endpoi...
CVE-2022-43567 Remote Code Execution via the Splunk Secure Gateway application Mobile Alerts feature
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app...
PT-2022-26970 · Splunk · Splunk Secure Gateway App +1
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.2.9 Splunk Enterprise versions prior to 8.1.12 Splunk Enterprise versions prior to 9.0.2 Description: The issue allows an authenticated user to run arbitrary operating system commands remotely through...