Vulnerabilities > Splunk > Splunk Cloud Platform > 9.0.2305.200
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-14 | CVE-2024-45732 | Missing Authorization vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a search as the "nobody" Splunk user in the SplunkDeploymentServerConfig app. | 6.5 |
| 2024-10-14 | CVE-2024-45740 | Cross-site Scripting vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript code in the browser of a user. | 5.4 |