39 matches found
CVE-2023-32707
Summary of CVE-2023-32707: Affected Splunk products include Splunk Enterprise < 9.0.5, 8.2.11, and 8.1.14 and Splunk Cloud Platform
CVE-2023-40598
CVE-2023-40598 affects Splunk Enterprise prior to 8.2.12, 9.0.6, and 9.1.1. The issue allows an attacker to create an external lookup that calls a legacy internal function, enabling insertion of code into the Splunk installation directory and resulting in arbitrary code execution on the platform ...
CVE-2023-32708
Summary of CVE-2023-32708 (Splunk): An HTTP response splitting vulnerability can be triggered by the REST command via the rest SPL, allowing a low-privileged user to potentially access other REST endpoints. Affected products/versions are: Splunk Enterprise < 9.0.5, < 8.2.11, and < 8.1.14,...
CVE-2023-22938
CVE-2023-22938 affects Splunk Enterprise: in versions below 8.1.13, 8.2.10, and 9.0.4, the sendemail REST API endpoint allows any authenticated user to send an email as the Splunk instance. The root cause is improper permission validation on the endpoint, enabling unauthorized mail actions. The v...
CVE-2023-22941
CVE-2023-22941 affects Splunk Enterprise: versions prior to 8.1.13, 8.2.10, and 9.0.4 are vulnerable due to an improperly formatted INGEST_EVAL parameter in a Field Transformation, which can crash the splunkd daemon. The issue is rooted in input parsing of INGEST_EVAL/INGEST EVAL and has the pote...
CVE-2023-22933
CVE-2023-22933 affects Splunk Enterprise: versions prior to 8.1.13, 8.2.10, and 9.0.4 expose a Cross-Site Scripting (XSS) vulnerability in an XML View via the layoutPanel attribute on the module tag. The issue arises in Splunk Web-enabled deployments and could allow client-side code execution. Re...
CVE-2023-32706
Summary: CVE-2023-32706 affects Splunk Enterprise versions prior to 9.0.5, 8.2.11, and 8.1.14. An unauthenticated attacker can send specially crafted messages to the XML parser in SAML authentication, triggering a Denial of Service (DoS) in the Splunk daemon. What’s affected: Splunk Enterprise on...
CVE-2023-22936
The CVE-2023-22936 issue affects Splunk Enterprise: versions prior to 8.1.13, 8.2.10, and 9.0.4 are vulnerable via the search_listener parameter in a search, enabling a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot observe the response unle...
CVE-2023-32716
The CVE-2023-32716 issue affects Splunk Enterprise and Splunk Cloud Platform where the vulnerable code path is the dump SPL command. Affected are Splunk Enterprise versions prior to 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions prior to 9.0.2303.100. Exploitation can cause a d...
CVE-2023-22934
Splunk Enterprise is affected in versions prior to 8.1.13, 8.2.10, and 9.0.4. The vulnerability stems from the pivot SPL command bypassing safeguards for risky commands when used with a saved search job, requiring an authenticated user to craft the saved job and a higher-privileged user to initia...
CVE-2023-22939
The CVE-2023-22939 vulnerability affects Splunk Enterprise versions prior to 8.1.13, 8.2.10, and 9.0.4. It involves the map SPL command that lets a search bypass safeguards for risky commands, requiring a higher-privileged user to initiate a request from a user’s browser and only impacting instan...
CVE-2023-32710
Summary: CVE-2023-32710 affects Splunk Enterprise versions prior to 9.0.5, 8.2.11, 8.1.14 and Splunk Cloud Platform prior to 9.0.2303.100. A low-privileged user can transfer data from a recently run search by using the copyresults command if they know the search ID (SID). Impact: Potential unauth...
CVE-2023-22932
CVE-2023-22932 affects Splunk Enterprise 9.0 versions before 9.0.4 with Splunk Web enabled. A View can trigger Cross‑Site Scripting via the error message in a Base64‑encoded image. Affected: Splunk Enterprise 9.0.0–9.0.3. Remediation: upgrade to 9.0.4 or later; as a temporary workaround, disable ...
CVE-2023-22935
CVE-2023-22935 affects Splunk Enterprise versions prior to 8.1.13, 8.2.10, and 9.0.4. The vulnerability is caused by the display.page.search.patterns.sensitivity parameter which lets a user bypass SPL safeguards for risky commands. It requires a higher-privileged user to initiate a request from t...
CVE-2023-22940
The CVE-2023-22940 issue affects Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4. The root cause is that aliases of the collect SPL command (including summaryindex, sumindex, stash, mcollect, and meventcollect) were not designated as safeguarded commands, potentially allowing data to b...
CVE-2023-22937
CVE-2023-22937 affects Splunk Enterprise: versions below 8.1.13, 8.2.10, and 9.0.4 allow the lookup table upload feature to accept lookup tables with arbitrary filename extensions; only .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl are permitted. This is a validation/enforcement issue in the upl...
CVE-2023-22931
Splunk Enterprise versions before 8.1.13 and 8.2.10 are affected by CVE-2023-22931 due to the createrss external search command overwriting RSS feeds without permission checks. The root cause is the use of a deprecated feature that has been disabled by default, but remains exploitable in older bu...
CVE-2023-32717
Summary: CVE-2023-32717 affects Splunk Enterprise and Splunk Cloud Platform. An unauthorized user can access the REST endpoint /services/indexing/preview to overwrite search results if they know the SID of an existing search job. The issue is rooted in RBAC/endpoint handling for that path. Affect...
CVE-2023-32709
Summary (CVE-2023-32709): Affects Splunk Enterprise <9.0.5, <8.2.11, <8.1.14 and Splunk Cloud Platform
CVE-2022-43571
CVE-2022-43571 affects Splunk Enterprise prior to versions 8.2.9, 8.1.12, and 9.0.2. An authenticated user can trigger arbitrary code execution via the dashboard PDF generation component (SimpleXML dashboards) due to code injection in styling parameters used during PDF export. Exploitation is dem...
CVE-2022-32151
CVE-2022-32151 affects Splunk Enterprise before version 9.0 and Splunk Cloud Platform before 8.2.2203. Root cause: the httplib and urllib Python libraries shipped with Splunk did not validate certificates using CA certificate stores by default. Impact: servers may be vulnerable where certificate ...
CVE-2024-45740
CVE-2024-45740 affects Splunk Enterprise <9.2.3/9.1.6 and Splunk Cloud Platform
CVE-2022-43572
Summary: CVE-2022-43572 affects Splunk Enterprise where a malformed file sent via the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer can cause a blockage/denial-of-service that prevents indexing. Affected versions (per sources): Splunk Enterprise below 8.2.9, below 8...
CVE-2022-32155
CVE-2022-32155 concerns Splunk Universal Forwarder management services. The issue described in the sources is that versions before 9.0 expose management services remotely by default, creating a potential exposure rather than a technical vulnerability. Splunk 9.0 binds the management port to local...
CVE-2022-43562
CVE-2022-43562 | Splunk Enterprise: The issue is a Host header validation/escaping flaw in Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2. A remote authenticated user could exploit this to perform attacks such as cross-site scripting and cache poisoning. Root cause is improper handlin...
CVE-2022-43568
Splunk Enterprise is affected by CVE-2022-43568. The vulnerability is a Reflected Cross-Site Scripting flaw in a View when output_mode=radio, triggered by JSON in a query parameter. Affected versions are Splunk Enterprise below 8.1.12, below 8.2.9, and below 9.0.2. Documented impact indicates hig...
CVE-2022-43567
Splunk Enterprise: vulnerability CVE-2022-43567 affects the Mobile Alerts feature of the Splunk Secure Gateway app. An authenticated user could remotely execute arbitrary OS commands via specially crafted requests. Affected versions are Splunk Enterprise < 8.2.9, < 8.1.12, and
CVE-2024-45732
CVE-2024-45732 affects Splunk Enterprise versions prior to 9.3.1 and 9.2.0 prior to 9.2.3, plus Splunk Cloud Platform prior to 9.2.2403.103, including 9.1.2312.200/9.1.2312.110/9.1.2308.208. Description: a low-privileged user without admin or power roles could run a search as the nobody user with...
CVE-2022-32153
CVE-2022-32153 affects Splunk Enterprise prior to 9.0 and Splunk Cloud Platform prior to 8.2.2203, where TLS hostname validation was not performed by default for Splunk-to-Splunk communications. This allowed a scenario where an attacker with administrator credentials could add a peer with an inva...
CVE-2022-43565
CVE-2022-43565 (Splunk Enterprise): Affects Splunk Enterprise versions prior to 8.2.9 and prior to 8.1.12. Root cause: the tstats command’s handling of JSON can bypass SPL safeguards for risky commands, enabling manipulation if a user is phished into initiating a request in their browser. Exploi...
CVE-2022-43570
CVE-2022-43570 affects Splunk Enterprise prior to 8.1.12, 8.2.9, and 9.0.2. An authenticated user can perform an XML External Entity (XXE) injection via a custom View, causing Splunk Web to embed incorrect documents into an error page. Root cause: XXE vulnerability in the handling of XML in custo...
CVE-2022-32152
CVE-2022-32152 affects Splunk Enterprise and Splunk Cloud Platform where TLS host name validation for Splunk-to-Splunk communications was not enforced by default in versions before 9.0 (Splunk Enterprise) and before 8.2.2203 (Splunk Cloud). The issue allowed an administrator to add a peer with an...
CVE-2022-32154
Splunk Enterprise before 9.0 is affected by CVE-2022-32154 in its dashboards: an attacker could inject risky search commands into a form token used in a cross-origin query, bypassing SPL safeguards for risky commands. The issue is browser-based; exploitation depends on the attacker delivering a f...
CVE-2022-43561
CVE-2022-43561 affects Splunk Enterprise: versions prior to 8.1.12, 8.2.9, and 9.0.2. A remote user with the “power” role can store arbitrary scripts via the Save Table feature, enabling persistent cross-site scripting (XSS) on Splunk Web-enabled instances. The underlying vulnerability allows inj...
CVE-2022-43563
Splunk Enterprise is affected in versions before 8.2.9 and 8.1.12 due to how the rex search command handles field names, which can bypass SPL safeguards for risky commands. The attack requires phishing the victim into initiating a request in their browser; it is not exploitable at will. The issue...
CVE-2022-43566
CVE-2022-43566 affects Splunk Enterprise: versions prior to 8.2.9, 8.1.12, and 9.0.2 allow an authenticated user to execute risky commands using a more privileged user’s permissions to bypass SPL safeguards in Analytics Workspace. The attack requires phishing the victim into initiating a request ...
CVE-2024-45735
Summary (CVE-2024-45735): Splunk Enterprise versions before 9.2.3 and 9.1.6, and Splunk Secure Gateway on Splunk Cloud Platform versions before 3.4.259, 3.6.17, or 3.7.0 allow a low-privileged user (not admin/power) to view App Key Value Store (KV Store) deployment configuration and public/priva...
CVE-2022-43564
CVE-2022-43564 affects Splunk Enterprise. A remote user who can create search macros and schedule search reports can trigger a denial of service by submitting specially crafted search macros in versions before 8.1.12, 8.2.9, or 9.0.2. The issue’s described impact is DoS; no other exploitation or ...
CVE-2022-43569
CVE-2022-43569 affects Splunk Enterprise versions prior to 8.1.12, 8.2.9, and 9.0.2. An authenticated user can inject and store arbitrary scripts resulting in persistent cross-site scripting (XSS) in the object name of a Data Model. Remediation per sources: upgrade to 8.1.12 or later, 8.2.9 or la...