Filtered by vendor Splunk
Subscribe
Total
207 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-23675 | 1 Splunk | 2 Cloud, Splunk | 2024-04-10 | N/A | 6.5 MEDIUM |
| In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections. | |||||
| CVE-2024-22165 | 1 Splunk | 1 Enterprise Security | 2024-04-10 | N/A | 6.5 MEDIUM |
| In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.<br>The vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users. | |||||
| CVE-2024-22164 | 1 Splunk | 1 Enterprise Security | 2024-04-10 | N/A | 4.3 MEDIUM |
| In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible. | |||||
| CVE-2023-46231 | 1 Splunk | 1 Add-on Builder | 2024-04-10 | N/A | 7.2 HIGH |
| In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on. | |||||
| CVE-2023-46230 | 1 Splunk | 1 Add-on Builder | 2024-04-10 | N/A | 4.9 MEDIUM |
| In Splunk Add-on Builder versions below 4.1.4, the app writes sensitive information to internal log files. | |||||
| CVE-2023-46214 | 1 Splunk | 2 Cloud, Splunk | 2024-04-10 | N/A | 8.8 HIGH |
| In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance. | |||||
| CVE-2023-46213 | 1 Splunk | 2 Cloud, Splunk | 2024-04-10 | N/A | 4.8 MEDIUM |
| In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser. | |||||