Splunk

Splunk Cloud Platform

107 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.3%
  • Veröffentlicht 01.07.2024 17:15:08
  • Zuletzt bearbeitet 21.11.2024 09:22:59

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Vi...

  • EPSS 0.21%
  • Veröffentlicht 01.07.2024 17:15:08
  • Zuletzt bearbeitet 21.11.2024 09:22:59

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items.

  • EPSS 0.35%
  • Veröffentlicht 01.07.2024 17:15:08
  • Zuletzt bearbeitet 21.11.2024 09:23:00

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likel...

Exploit
  • EPSS 0.69%
  • Veröffentlicht 01.07.2024 17:15:07
  • Zuletzt bearbeitet 21.11.2024 09:22:59

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST requ...

  • EPSS 1%
  • Veröffentlicht 01.07.2024 17:15:06
  • Zuletzt bearbeitet 07.03.2025 16:48:11

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user c...

  • EPSS 0.82%
  • Veröffentlicht 30.08.2023 17:15:10
  • Zuletzt bearbeitet 21.11.2024 08:19:47

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code.

  • EPSS 0.22%
  • Veröffentlicht 30.08.2023 17:15:10
  • Zuletzt bearbeitet 21.11.2024 08:19:47

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.

  • EPSS 0.6%
  • Veröffentlicht 30.08.2023 17:15:10
  • Zuletzt bearbeitet 21.11.2024 08:19:47

In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory....

  • EPSS 0.54%
  • Veröffentlicht 30.08.2023 17:15:09
  • Zuletzt bearbeitet 21.11.2024 08:19:46

In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to ...

  • EPSS 0.49%
  • Veröffentlicht 30.08.2023 17:15:09
  • Zuletzt bearbeitet 21.11.2024 08:19:47

In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Sp...