Vulnerabilities > Splunk > Splunk Cloud Platform > 9.0.2209

DATE CVE VULNERABILITY TITLE RISK
2023-02-14 CVE-2023-22938 Unspecified vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance.
network
low complexity
splunk
4.3
2023-02-14 CVE-2023-22939 Unspecified vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands.
network
low complexity
splunk
8.8
2023-02-14 CVE-2023-22940 Unspecified vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands.
network
low complexity
splunk
5.7
2023-02-14 CVE-2023-22941 Unspecified vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd).
network
low complexity
splunk
7.5