5 matches found

CVE, added 2023/11/16 9:15 p.m., 221 views

CVE-2023-46214

In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.

8.8 CVSS, 8.5 AI score, 0.88069 EPSS
Web
CVE, added 2024/01/22 9:15 p.m., 177 views

CVE-2024-23675

In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections.

6.5 CVSS, 6.4 AI score, 0.0009 EPSS

CVE, added 2024/01/22 9:15 p.m., 146 views

CVE-2024-23676

In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit.

4.6 CVSS, 4.1 AI score, 0.00203 EPSS

CVE, added 2024/01/22 9:15 p.m., 146 views

CVE-2024-23677

In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file.

5.3 CVSS, 5.2 AI score, 0.00299 EPSS

CVE, added 2023/11/16 9:15 p.m., 134 views

CVE-2023-46213

In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser.

4.8 CVSS, 5.3 AI score, 0.00167 EPSS