Vulnerabilities > Splunk > Cloud > 9.1.2308

DATE CVE VULNERABILITY TITLE RISK
2024-07-01 CVE-2024-36982 NULL Pointer Dereference vulnerability in Splunk Cloud and Splunk
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an attacker could trigger a null pointer reference on the cluster/config REST endpoint, which could result in a crash of the Splunk daemon.
network
low complexity
splunk CWE-476
7.5
7.5
2024-07-01 CVE-2024-36986 Unspecified vulnerability in Splunk Cloud and Splunk
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics Workspace.
network
low complexity
splunk
5.7
5.7
2024-01-22 CVE-2024-23675 Incorrect Authorization vulnerability in Splunk Cloud and Splunk
In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API).
network
low complexity
splunk CWE-863
6.5
6.5
2024-01-22 CVE-2024-23676 Unspecified vulnerability in Splunk Cloud and Splunk
In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view.
network
low complexity
splunk
3.5
3.5