Splunk

Splunk

176 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.9

CVE-2024-45738

  • EPSS 0.07%
  • Veröffentlicht 14.10.2024 17:15:12
  • Zuletzt bearbeitet 17.10.2024 13:17:37

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG ...

4.9

CVE-2024-45739

  • EPSS 0.08%
  • Veröffentlicht 14.10.2024 17:15:12
  • Zuletzt bearbeitet 17.10.2024 13:16:36

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log chann...

8

CVE-2024-45731

  • EPSS 0.58%
  • Veröffentlicht 14.10.2024 17:15:11
  • Zuletzt bearbeitet 17.10.2024 13:09:33

In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows...

6.5

CVE-2024-45732

  • EPSS 0.21%
  • Veröffentlicht 14.10.2024 17:15:11
  • Zuletzt bearbeitet 17.10.2024 13:03:52

In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the "admin" or "power" Splunk role...

8.8

CVE-2024-45733

  • EPSS 5.22%
  • Veröffentlicht 14.10.2024 17:15:11
  • Zuletzt bearbeitet 16.10.2024 22:26:12

In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration.

4.3

CVE-2024-45734

  • EPSS 0.07%
  • Veröffentlicht 14.10.2024 17:15:11
  • Zuletzt bearbeitet 16.10.2024 22:20:57

In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboa...

8.1

CVE-2024-36997

  • EPSS 1.01%
  • Veröffentlicht 01.07.2024 17:15:09
  • Zuletzt bearbeitet 07.03.2025 16:48:11

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/setting...

5.4

CVE-2024-36992

  • EPSS 0.61%
  • Veröffentlicht 01.07.2024 17:15:08
  • Zuletzt bearbeitet 21.11.2024 09:22:59

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Vi...

5.4

CVE-2024-36993

Exploit
  • EPSS 1.37%
  • Veröffentlicht 01.07.2024 17:15:08
  • Zuletzt bearbeitet 21.11.2024 09:22:59

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Sp...

5.4

CVE-2024-36994

  • EPSS 1.6%
  • Veröffentlicht 01.07.2024 17:15:08
  • Zuletzt bearbeitet 21.11.2024 09:22:59

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Vi...