Splunk

Splunk Cloud Platform

77 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2024-36994

  • EPSS 1.18%
  • Published 01.07.2024 17:15:08
  • Last modified 21.11.2024 09:22:59

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Vi...

5.4

CVE-2024-36993

Exploit
  • EPSS 1.01%
  • Published 01.07.2024 17:15:08
  • Last modified 21.11.2024 09:22:59

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Sp...

5.4

CVE-2024-36992

  • EPSS 0.45%
  • Published 01.07.2024 17:15:08
  • Last modified 21.11.2024 09:22:59

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Vi...

6.5

CVE-2024-36990

Exploit
  • EPSS 1.14%
  • Published 01.07.2024 17:15:07
  • Last modified 21.11.2024 09:22:59

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST requ...

8.8

CVE-2024-36983

  • EPSS 1.04%
  • Published 01.07.2024 17:15:06
  • Last modified 07.03.2025 16:48:11

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user c...

8.8

CVE-2023-40595

  • EPSS 0.56%
  • Published 30.08.2023 17:15:10
  • Last modified 21.11.2024 08:19:47

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code.

8.8

CVE-2023-40597

  • EPSS 0.07%
  • Published 30.08.2023 17:15:10
  • Last modified 21.11.2024 08:19:47

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.

8.8

CVE-2023-40598

  • EPSS 0.11%
  • Published 30.08.2023 17:15:10
  • Last modified 21.11.2024 08:19:47

In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory....

7.5

CVE-2023-40594

  • EPSS 0.15%
  • Published 30.08.2023 17:15:09
  • Last modified 21.11.2024 08:19:47

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance.

7.5

CVE-2023-40593

  • EPSS 0.16%
  • Published 30.08.2023 17:15:09
  • Last modified 21.11.2024 08:19:47

In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Sp...