Vulnerabilities > Splunk > Cloud > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-01 CVE-2024-36986 Unspecified vulnerability in Splunk Cloud and Splunk
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics Workspace.
network
low complexity
splunk
5.7
2024-07-01 CVE-2024-36987 Unrestricted Upload of File with Dangerous Type vulnerability in Splunk Cloud and Splunk
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk roles could upload a file with an arbitrary extension using the indexing/preview REST endpoint.
network
low complexity
splunk CWE-434
6.5
2024-07-01 CVE-2024-36989 Unspecified vulnerability in Splunk Cloud and Splunk
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance receive.
network
low complexity
splunk
4.3
2024-01-22 CVE-2024-23675 Incorrect Authorization vulnerability in Splunk Cloud and Splunk
In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API).
network
low complexity
splunk CWE-863
6.5
2024-01-22 CVE-2024-23677 Information Exposure Through Log Files vulnerability in Splunk Cloud and Splunk
In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file.
network
low complexity
splunk CWE-532
5.3
2023-11-16 CVE-2023-46213 Cross-site Scripting vulnerability in Splunk Cloud and Splunk
In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser.
network
low complexity
splunk CWE-79
4.8