7.5
CVE-2025-20371
- EPSS 0.05%
- Veröffentlicht 01.10.2025 17:15:40
- Zuletzt bearbeitet 02.10.2025 19:11:46
- Quelle psirt@cisco.com
- Teams Watchlist Login
- Unerledigt Login
In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF) potentially letting an attacker perform REST API calls on behalf of an authenticated high-privileged user.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSplunk
≫
Produkt
Splunk Enterprise
Version <
10.0.1
Version
10.0
Status
affected
Version <
9.4.4
Version
9.4
Status
affected
Version <
9.3.6
Version
9.3
Status
affected
Version <
9.2.8
Version
9.2
Status
affected
HerstellerSplunk
≫
Produkt
Splunk Cloud Platform
Version <
9.3.2411.109
Version
9.3.2411
Status
affected
Version <
9.3.2408.119
Version
9.3.2408
Status
affected
Version <
9.2.2406.122
Version
9.2.2406
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.171 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 7.5 | 1.6 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-918 Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.