Latest Splunk Vulnerabilities

CVE-2024-29945
Splunk Authentication Token Exposure in Debug Log in Splunk Enterprise
Splunk Splunk>=9.0.0<9.0.9
Splunk Splunk>=9.1.0<9.1.4
Splunk Splunk>=9.2.0<9.2.1
CVE-2024-29946
Risky command safeguards bypass in Dashboard Examples Hub
Splunk Splunk>=9.0.0<9.0.9
Splunk Splunk>=9.1.0<9.1.4
Splunk Splunk>=9.2.0<9.2.1
CVE-2023-46230
Sensitive Information Disclosure to Internal Log Files in Splunk Add-on Builder
Splunk Add-on Builder<4.1.4
CVE-2023-46231
Session Token Disclosure to Internal Log Files in Splunk Add-on Builder
Splunk Add-on Builder<4.1.4
CVE-2024-23678
Deserialization of Untrusted Data on Splunk Enterprise for Windows through Path Traversal from Separate Disk Partition
Splunk Splunk>=9.0.0<9.0.8
Splunk Splunk>=9.1.0<9.1.3
CVE-2024-23676
Sensitive Information Disclosure of Index Metrics through “mrollup” SPL Command
Splunk Cloud<9.1.2308.200
Splunk Splunk>=9.0.0<9.0.8
Splunk Splunk>=9.1.0<9.1.3
CVE-2024-23677
Server Response Disclosure in RapidDiag Salesforce.com Log File
Splunk Cloud<9.0.2208
Splunk Splunk>=9.0.0<9.0.8
CVE-2024-23675
Splunk App Key Value Store (KV Store) Improper Handling of Permissions Leads to KV Store Collection Deletion
Splunk Cloud<9.1.2312.100
Splunk Splunk>=9.0.0<9.0.8
Splunk Splunk>=9.1.0<9.1.3
CVE-2024-22164
Denial of Service of an Investigation in Splunk Enterprise Security through Investigation attachments
Splunk Enterprise Security>=7.1.0<7.1.2
CVE-2024-22165
Denial of Service in Splunk Enterprise Security of the Investigations manager through Investigation creation
Splunk Enterprise Security>=7.1.0<7.1.2
CVE-2023-46213
Cross-site Scripting (XSS) on “Show Syntax Highlighted” View in Search Page
Splunk Cloud<9.1.2308
Splunk Splunk>=9.0.0<9.0.7
Splunk Splunk>=9.1.0<9.1.2
CVE-2023-46214
Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing
Splunk Cloud<9.1.2308
Splunk Splunk>=9.0.0<9.0.7
Splunk Splunk>=9.1.0<9.1.2
CVE-2023-40597
Absolute Path Traversal in Splunk Enterprise Using runshellscript.py
Splunk Splunk>=8.2.0<8.2.12
Splunk Splunk>=9.0.0<9.0.6
Splunk Splunk=9.1.0
Splunk Splunk Cloud Platform<=9.0.2305.100
CVE-2023-40596
Splunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definition Reference in DLL
Splunk Splunk>=8.2.0<8.2.12
Splunk Splunk>=9.0.0<9.0.6
Splunk Splunk=9.1.0
Microsoft Windows
Splunk Splunk>=8.2.0<8.2.12
Splunk Splunk>=9.0.0<9.0.6
and 2 more
CVE-2023-40593
Denial of Service (DoS) in Splunk Enterprise Using a Malformed SAML Request
Splunk Splunk>=8.2.0<8.2.12
Splunk Splunk>=9.0.0<9.0.6
Splunk Splunk Cloud Platform<=9.0.2305.100
CVE-2023-40594
Denial of Service (DoS) via the ‘printf’ Search Function
Splunk Splunk>=8.2.0<8.2.12
Splunk Splunk>=9.0.0<9.0.6
Splunk Splunk=9.1.0
Splunk Splunk Cloud Platform<=9.0.2305.100
CVE-2023-4571
Unauthenticated Log Injection in Splunk IT Service Intelligence (ITSI)
Splunk IT Service Intelligence>=4.13.0<4.13.3
Splunk IT Service Intelligence>=4.15.0<4.15.3
Splunk IT Service Intelligence=4.17.0
CVE-2023-40592
Reflected Cross-site Scripting (XSS) on "/app/search/table" web endpoint
Splunk Splunk>=8.2.0<8.2.12
Splunk Splunk>=9.0.0<9.0.6
Splunk Splunk=9.1.0
Splunk Splunk Cloud Platform<=9.0.2305.100
CVE-2023-40595
Remote Code Execution via Serialized Session Payload
Splunk Splunk>=8.2.0<8.2.12
Splunk Splunk>=9.0.0<9.0.6
Splunk Splunk=9.1.0
Splunk Splunk Cloud Platform<=9.0.2305.100
CVE-2023-40598
Command Injection in Splunk Enterprise Using External Lookups
Splunk Splunk<8.2.12
Splunk Splunk>=9.0.0<9.0.6
Splunk Splunk>=9.1.0<9.1.1
Splunk Splunk Cloud Platform<9.0.2305.200
CVE-2023-3997
Unauthenticated Log Injection In Splunk SOAR
Splunk SOAR<6.1.0.131
Splunk SOAR<6.1.0
<6.1.0
<6.1.0.131
CVE-2023-32713
Local Privilege Escalation via the ‘streamfwd’ program in Splunk App for Stream
Splunk Splunk App For Stream<8.1.1
CVE-2023-32707
‘edit_user’ Capability Privilege Escalation
Splunk Splunk>=8.1.0<8.1.14
Splunk Splunk>=8.2.0<8.2.11
Splunk Splunk>=9.0.0<9.0.5
Splunk Splunk Cloud Platform<9.0.2303.100
CVE-2023-32709
Low-privileged User can View Hashed Default Splunk Password
Splunk Splunk>=8.1.0<8.1.14
Splunk Splunk>=8.2.0<8.2.11
Splunk Splunk>=9.0.0<9.0.5
Splunk Splunk Cloud Platform<9.0.2303.100
CVE-2023-32716
Denial of Service via the 'dump' SPL command
Splunk Splunk>=8.1.0<8.1.14
Splunk Splunk>=8.2.0<8.2.11
Splunk Splunk>=9.0.0<9.0.5
Splunk Splunk Cloud Platform<9.0.2303.100
CVE-2023-32714
Path Traversal in Splunk App for Lookup File Editing
Splunk Splunk>=8.1.0<8.1.14
Splunk Splunk>=8.2.0<8.2.11
Splunk Splunk>=9.0.0<9.0.5
Splunk Splunk App For Lookup File Editing<4.0.1
CVE-2023-32712
Unauthenticated Log Injection in Splunk Enterprise
Splunk Splunk>=8.1.0<8.1.14
Splunk Splunk>=8.2.0<8.2.11
Splunk Splunk>=9.0.0<9.0.5
CVE-2023-32706
Denial Of Service due to Untrusted XML Tag in XML Parser within SAML Authentication
Splunk Splunk>=8.1.0<8.1.14
Splunk Splunk>=8.2.0<8.2.11
Splunk Splunk>=9.0.0<9.0.5
Splunk Splunk Cloud Platform<9.0.2303.100
CVE-2023-32710
Information Disclosure via the ‘copyresults’ SPL Command
Splunk Splunk>=8.1.0<8.1.14
Splunk Splunk>=8.2.0<8.2.11
Splunk Splunk>=9.0.0<9.0.5
Splunk Splunk Cloud Platform<9.0.2303.100
CVE-2023-32717
Role-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results
Splunk Splunk>=8.1.0<8.1.14
Splunk Splunk>=8.2.0<8.2.11
Splunk Splunk>=9.0.0<9.0.5
Splunk Splunk Cloud Platform<9.0.2303.100
CVE-2023-32715
Self Cross-Site Scripting (XSS) on Splunk App for Lookup File Editing
Splunk Splunk App For Lookup File Editing<4.0.1
CVE-2023-32708
HTTP Response Splitting via the ‘rest’ SPL Command
Splunk Splunk>=8.1.0<8.1.14
Splunk Splunk>=8.2.0<8.2.11
Splunk Splunk>=9.0.0<9.0.5
Splunk Splunk Cloud Platform<9.0.2303.100
CVE-2023-32711
Persistent Cross-Site Scripting (XSS) through a URL Validation Bypass within a Dashboard View
Splunk Splunk>=8.1.0<8.1.14
Splunk Splunk>=8.2.0<8.2.11
Splunk Splunk>=9.0.0<9.0.5
CVE-2023-27537
A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads b...
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Haxx Libcurl=7.88.0
Haxx Libcurl=7.88.1
Netapp Active Iq Unified Manager Vmware Vsphere
NetApp Clustered Data ONTAP=9.0
and 20 more
CVE-2023-27538
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have pre...
redhat/curl<8.0.0
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Haxx Libcurl>=7.16.1<8.0.0
Fedoraproject Fedora=36
Debian Debian Linux=10.0
and 22 more
CVE-2023-27536
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to chec...
redhat/curl<8.0.0
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Haxx Libcurl>=7.22.0<=7.88.1
Fedoraproject Fedora=36
Debian Debian Linux=10.0
and 21 more
CVE-2023-27535
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created conn...
redhat/curl<8.0.0
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Haxx Libcurl>=7.13.0<=7.88.1
Fedoraproject Fedora=36
Debian Debian Linux=10.0
and 21 more
CVE-2023-27534
A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its inten...
redhat/curl<8.0.0
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Haxx Curl>=7.18.0<=7.88.1
Fedoraproject Fedora=36
Netapp Active Iq Unified Manager Vmware Vsphere
and 20 more
CVE-2023-27533
A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server...
redhat/curl<8.0.0
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Haxx Curl>=7.0.0<=7.881
Fedoraproject Fedora=36
Netapp Active Iq Unified Manager Vmware Vsphere
and 20 more
CVE-2023-22939
SPL Command Safeguards Bypass via the ‘map’ SPL Command in Splunk Enterprise
Splunk Splunk>=8.1.0<8.1.13
Splunk Splunk>=8.2.0<8.2.10
Splunk Splunk>=9.0.0<9.0.4
Splunk Splunk Cloud Platform<9.0.2209.3
CVE-2023-22938
Permissions Validation Failure in the ‘sendemail’ REST API Endpoint in Splunk Enterprise
Splunk Splunk>=8.1.0<8.1.13
Splunk Splunk>=8.2.0<8.2.10
Splunk Splunk>=9.0.0<9.0.4
Splunk Splunk Cloud Platform<9.0.2209.3
CVE-2023-22937
Unnecessary File Extensions Allowed by Lookup Table Uploads in Splunk Enterprise
Splunk Splunk>=8.1.0<8.1.13
Splunk Splunk>=8.2.0<8.2.10
Splunk Splunk>=9.0.0<9.0.4
Splunk Splunk Cloud Platform<9.0.2209.3
CVE-2023-22943
Modular Input REST API Requests Connect via HTTP after Certificate Validation Failure in Splunk Add-on Builder and Splunk CloudConnect SDK
Splunk Add-on Builder>=4.1.0<4.1.2
Splunk Cloudconnect Software Development Kit>=3.1.0<3.1.3
CVE-2023-22933
Persistent Cross-Site Scripting through the ‘module’ Tag in a View in Splunk Enterprise
Splunk Splunk>=8.1.0<8.1.13
Splunk Splunk>=8.2.0<8.2.10
Splunk Splunk>=9.0.0<9.0.4
Splunk Splunk Cloud Platform<9.0.2209
CVE-2023-22942
Cross-Site Request Forgery in the ‘ssg/kvstore_client’ REST Endpoint in Splunk Enterprise
Splunk Splunk>=8.1.0<8.1.13
Splunk Splunk>=8.2.0<8.2.10
Splunk Splunk>=9.0.0<9.0.4
CVE-2023-22932
Persistent Cross-Site Scripting through a Base64-encoded Image in a View in Splunk Enterprise
>=9.0.0<9.0.4
<9.0.2209.3
Splunk Splunk>=9.0.0<9.0.4
Splunk Splunk Cloud Platform<9.0.2209.3
CVE-2023-22936
Authenticated Blind Server Side Request Forgery via the ‘search_listener’ Search Parameter in Splunk Enterprise
Splunk Splunk>=8.1.0<8.1.13
Splunk Splunk>=8.2.0<8.2.10
Splunk Splunk>=9.0.0<9.0.4
Splunk Splunk Cloud Platform<9.0.2209.3
CVE-2023-22941
Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon
Splunk Splunk>=8.1.0<8.1.13
Splunk Splunk>=8.2.0<8.2.10
Splunk Splunk>=9.0.0<9.0.4
Splunk Splunk Cloud Platform<9.0.2209.3
CVE-2023-22931
‘createrss’ External Search Command Overwrites Existing RSS Feeds in Splunk Enterprise
Splunk Splunk>=8.1.0<8.1.13
Splunk Splunk>=8.2.0<8.2.10
Splunk Splunk Cloud Platform<8.2.2203
CVE-2023-22935
SPL Command Safeguards Bypass via the ‘display.page.search.patterns.sensitivity’ Search Parameter in Splunk Enterprise
Splunk Splunk>=8.1.0<8.1.13
Splunk Splunk>=8.2.0<8.2.10
Splunk Splunk>=9.0.0<9.0.4
Splunk Splunk Cloud Platform<9.0.2209.3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203