133 matches found
Design/Logic Flaw
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language SPL command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with...
CVE-2023-22939 SPL Command Safeguards Bypass via the ‘map’ SPL Command in Splunk Enterprise
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language SPL command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with...
CVE-2023-22939 SPL Command Safeguards Bypass via the ‘map’ SPL Command in Splunk Enterprise
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language SPL command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with...
CVE-2023-22935 SPL Command Safeguards Bypass via the ‘display.page.search.patterns.sensitivity’ Search Parameter in Splunk Enterprise
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects...
CVE-2023-22935
CVE-2023-22935 affects Splunk Enterprise versions prior to 8.1.13, 8.2.10, and 9.0.4. The vulnerability is caused by the display.page.search.patterns.sensitivity parameter which lets a user bypass SPL safeguards for risky commands. It requires a higher-privileged user to initiate a request from t...
CVE-2023-22940 SPL Command Safeguards Bypass via the ‘collect’ SPL Command Aliases in Splunk Enterprise
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language SPL command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the...
PT-2023-18786 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.13 Splunk Enterprise versions prior to 8.2.10 Splunk Enterprise versions prior to 9.0.4 Description: A cross-site request forgery in the Splunk Secure Gateway SSG app in the 'kvstore client' REST endpoi...
PT-2023-18784 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.13 Splunk Enterprise versions prior to 8.2.10 Splunk Enterprise versions prior to 9.0.4 Description: The issue concerns aliases of the collect search processing language SPL command, including...
PT-2023-18776 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.13 Splunk Enterprise versions prior to 8.2.10 Splunk Enterprise versions prior to 9.0.4 Description: The issue allows for Cross-Site Scripting XSS in an extensible mark-up language XML View through the...
PT-2023-18778 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.13 Splunk Enterprise versions prior to 8.2.10 Splunk Enterprise versions prior to 9.0.4 Description: The issue allows a search to bypass safeguards for risky commands using the...
PT-2023-18775 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.0.4 Description: The issue allows for Cross-Site Scripting XSS through the error message in a Base64-encoded image in a View. This affects instances with Splunk Web enabled. Recommendations: For versions...
PT-2022-26973 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.12 Splunk Enterprise versions prior to 8.2.9 Splunk Enterprise versions prior to 9.0.2 Description: The issue allows an authenticated user to perform an extensible markup language XML external entity XX...
CVE-2022-43561
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting XSS. The vulnerability affects instances with Splunk Web enabled...
Cross site scripting
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting XSS. The vulnerability affects instances with Splunk Web enabled...
CVE-2022-43561 Persistent Cross-Site Scripting in “Save Table” Dialog in Splunk Enterprise
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting XSS. The vulnerability affects instances with Splunk Web enabled...
CVE-2022-43561 Persistent Cross-Site Scripting in “Save Table” Dialog in Splunk Enterprise
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting XSS. The vulnerability affects instances with Splunk Web enabled...
Splunk Enterprise 8.1 < 8.1.12, 8.2.0 < 8.2.9, 9.0.0 < 9.0.2 (SVD-2022-1101)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2022-1101 advisory. - In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the power Splunk role can store...
CVE-2022-37437
When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service S3 in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions...
CVE-2022-37437
When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service S3 in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions...
CVE-2022-37438
In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information for example, username, email, and real name about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user...