Vulnerabilities > Splunk > Cloud > 9.0.2208
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-22 | CVE-2024-23675 | Incorrect Authorization vulnerability in Splunk Cloud and Splunk In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). | 6.5 |
2024-01-22 | CVE-2024-23676 | Unspecified vulnerability in Splunk Cloud and Splunk In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. | 3.5 |
2023-11-16 | CVE-2023-46213 | Cross-site Scripting vulnerability in Splunk Cloud and Splunk In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser. | 4.8 |
2023-11-16 | CVE-2023-46214 | XML Injection (aka Blind XPath Injection) vulnerability in Splunk Cloud and Splunk In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. | 8.8 |