Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-23677 | 1 Splunk | 2 Cloud, Splunk | 2024-04-10 | N/A | 5.3 MEDIUM |
| In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file. | |||||
| CVE-2024-23676 | 1 Splunk | 2 Cloud, Splunk | 2024-04-10 | N/A | 3.5 LOW |
| In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit. | |||||
| CVE-2024-23675 | 1 Splunk | 2 Cloud, Splunk | 2024-04-10 | N/A | 6.5 MEDIUM |
| In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections. | |||||
| CVE-2023-46214 | 1 Splunk | 2 Cloud, Splunk | 2024-04-10 | N/A | 8.8 HIGH |
| In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance. | |||||
| CVE-2023-46213 | 1 Splunk | 2 Cloud, Splunk | 2024-04-10 | N/A | 4.8 MEDIUM |
| In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser. | |||||