Cloud Security Vulnerabilities and Issues — Cloud CVE List

Lucene search

SplunkCloud

3 matches found

CVE•added 2024/01/22 9:15 p.m.•176 views

CVE-2024-23675

In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections.

6.5CVSS6.4AI score0.00069EPSS

CVE•added 2024/07/01 5:15 p.m.•64 views

CVE-2024-36986

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics Workspac...

6.3CVSS5.9AI score0.00058EPSS

CVE•added 2024/07/01 5:15 p.m.•59 views

CVE-2024-36987

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk roles could upload a file with an arbitrary extension using the indexing/preview REST endpoint.

6.5CVSS5.2AI score0.00216EPSS