Vulnerabilities > Splunk > Splunk Cloud Platform > 9.1.2312

DATE CVE VULNERABILITY TITLE RISK
2024-12-10 CVE-2024-53244 Unspecified vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on “/en-US/app/search/report“ endpoint through “s“ parameter.<br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser.
network
low complexity
splunk
5.7
5.7
2024-12-10 CVE-2024-53245 Unspecified vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard.
network
low complexity
splunk
4.3
4.3
2024-12-10 CVE-2024-53246 Cleartext Transmission of Sensitive Information vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information.
network
low complexity
splunk CWE-319
7.5
7.5
2024-07-01 CVE-2024-36983 Command Injection vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function.
network
low complexity
splunk CWE-77
8.8
8.8
2024-07-01 CVE-2024-36997 Cross-site Scripting vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint.
network
low complexity
splunk CWE-79
8.1
8.1