Splunk Splunk Cloud
11 CVEs affecting Splunk Splunk Cloud. Latest disclosed: 2024-01-22. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-40595 | High | 8.8 | 2023-08-30 | In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrus… |
| CVE-2023-40598 | High | 8.5 | 2023-08-30 | In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can… |
| CVE-2023-40592 | High | 8.4 | 2023-08-30 | In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XS… |
| CVE-2023-46214 | High | 8.0 | 2023-11-16 | In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that user… |
| CVE-2023-40597 | High | 7.8 | 2023-08-30 | In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located… |
| CVE-2024-23675 | Medium | 6.5 | 2024-01-22 | In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST applicati… |
| CVE-2023-40594 | Medium | 6.5 | 2023-08-30 | In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against t… |
| CVE-2023-40593 | Medium | 6.3 | 2023-08-30 | In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/sa… |
| CVE-2023-46213 | Medium | 4.8 | 2023-11-16 | In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized… |
| CVE-2024-23676 | Medium | 4.6 | 2024-01-22 | In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to vie… |
| CVE-2024-23677 | Medium | 4.3 | 2024-01-22 | In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file. |