Splunk

Splunk

160 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2024-36997

  • EPSS 0.48%
  • Published 01.07.2024 17:15:09
  • Last modified 07.03.2025 16:48:11

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/setting...

5.4

CVE-2024-36992

  • EPSS 0.45%
  • Published 01.07.2024 17:15:08
  • Last modified 21.11.2024 09:22:59

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Vi...

5.4

CVE-2024-36993

Exploit
  • EPSS 1.01%
  • Published 01.07.2024 17:15:08
  • Last modified 21.11.2024 09:22:59

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Sp...

5.4

CVE-2024-36994

  • EPSS 1.18%
  • Published 01.07.2024 17:15:08
  • Last modified 21.11.2024 09:22:59

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Vi...

3.5

CVE-2024-36995

  • EPSS 0.25%
  • Published 01.07.2024 17:15:08
  • Last modified 21.11.2024 09:22:59

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items.

5.3

CVE-2024-36996

  • EPSS 0.41%
  • Published 01.07.2024 17:15:08
  • Last modified 21.11.2024 09:23:00

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likel...

6.5

CVE-2024-36987

  • EPSS 0.6%
  • Published 01.07.2024 17:15:07
  • Last modified 21.11.2024 09:22:58

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk roles could upload a file with an arbitrary extensio...

4.3

CVE-2024-36989

  • EPSS 0.29%
  • Published 01.07.2024 17:15:07
  • Last modified 21.11.2024 09:22:59

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages th...

6.5

CVE-2024-36990

Exploit
  • EPSS 1.14%
  • Published 01.07.2024 17:15:07
  • Last modified 21.11.2024 09:22:59

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST requ...

7.5

CVE-2024-36991

  • EPSS 93.27%
  • Published 01.07.2024 17:15:07
  • Last modified 21.11.2024 09:22:59

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Window...