Vulnerabilities > Splunk > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-01 CVE-2024-36989 Unspecified vulnerability in Splunk Cloud and Splunk
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance receive.
network
low complexity
splunk
4.3
2024-07-01 CVE-2024-36990 Infinite Loop vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST request to the datamodel/web REST endpoint in Splunk Enterprise, potentially causing a denial of service.
network
low complexity
splunk CWE-835
6.5
2024-07-01 CVE-2024-36992 Cross-site Scripting vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user.
network
low complexity
splunk CWE-79
5.4
2024-07-01 CVE-2024-36993 Cross-site Scripting vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user.
network
low complexity
splunk CWE-79
5.4
2024-07-01 CVE-2024-36994 Cross-site Scripting vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View and Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user.
network
low complexity
splunk CWE-79
5.4
2024-07-01 CVE-2024-36996 Information Exposure Through Discrepancy vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in.
network
low complexity
splunk CWE-203
5.3
2024-01-30 CVE-2023-46230 Information Exposure Through Log Files vulnerability in Splunk Add-On Builder 4.1.0/4.1.1/4.1.2
In Splunk Add-on Builder versions below 4.1.4, the app writes sensitive information to internal log files.
network
low complexity
splunk CWE-532
4.9
2024-01-22 CVE-2024-23675 Incorrect Authorization vulnerability in Splunk Cloud and Splunk
In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API).
network
low complexity
splunk CWE-863
6.5
2024-01-22 CVE-2024-23677 Information Exposure Through Log Files vulnerability in Splunk Cloud and Splunk
In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file.
network
low complexity
splunk CWE-532
5.3
2024-01-09 CVE-2024-22164 Allocation of Resources Without Limits or Throttling vulnerability in Splunk Enterprise Security 7.1.0/7.1.1
In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation.
network
low complexity
splunk CWE-770
4.3