Vulnerabilities > Splunk > Splunk Cloud Platform > 9.0.2209
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-14 | CVE-2023-22938 | Unspecified vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. | 4.3 |
2023-02-14 | CVE-2023-22939 | Unspecified vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. | 8.8 |
2023-02-14 | CVE-2023-22940 | Unspecified vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. | 5.7 |
2023-02-14 | CVE-2023-22941 | Unspecified vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd). | 7.5 |