Vulnerabilities > Splunk
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-23 | CVE-2023-23915 | Cleartext Transmission of Sensitive Information vulnerability in multiple products A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. | 6.5 |
| 2023-02-23 | CVE-2023-23916 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. | 6.5 |
| 2023-02-14 | CVE-2023-22931 | Incorrect Default Permissions vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. | 4.3 |
| 2023-02-14 | CVE-2023-22932 | Cross-site Scripting vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. | 6.1 |
| 2023-02-14 | CVE-2023-22933 | Cross-site Scripting vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag’. | 6.1 |
| 2023-02-14 | CVE-2023-22934 | Unspecified vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. | 8.0 |
| 2023-02-14 | CVE-2023-22935 | Command Injection vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. | 8.8 |
| 2023-02-14 | CVE-2023-22936 | Server-Side Request Forgery (SSRF) vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. | 6.3 |
| 2023-02-14 | CVE-2023-22937 | Unrestricted Upload of File with Dangerous Type vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. | 4.3 |
| 2023-02-14 | CVE-2023-22938 | Unspecified vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. | 4.3 |