Vulnerabilities > Splunk > Splunk > 8.2.9
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-01 | CVE-2023-32709 | Unspecified vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 9.0.5, 8.2.11. | 4.3 |
2023-06-01 | CVE-2023-32710 | Unspecified vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run. | 5.3 |
2023-06-01 | CVE-2023-32711 | Cross-site Scripting vulnerability in Splunk In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a stored cross-site scripting (XSS) payload. | 5.4 |
2023-06-01 | CVE-2023-32712 | Improper Encoding or Escaping of Output vulnerability in Splunk In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards Institute (ANSI) escape codes into Splunk log files that, when a vulnerable terminal application reads them, can potentially, at worst, result in possible code execution in the vulnerable application. | 3.1 |
2023-06-01 | CVE-2023-32714 | Path Traversal vulnerability in Splunk and Splunk APP for Lookup File Editing In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and write to restricted areas of the Splunk installation directory. | 8.1 |
2023-06-01 | CVE-2023-32716 | Improper Check for Unusual or Exceptional Conditions vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the {{dump}} SPL command to cause a denial of service by crashing the Splunk daemon. | 6.5 |
2023-06-01 | CVE-2023-32717 | Unspecified vulnerability in Splunk and Splunk Cloud Platform On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job. | 4.3 |
2023-02-14 | CVE-2023-22931 | Incorrect Default Permissions vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. | 4.3 |
2023-02-14 | CVE-2023-22933 | Cross-site Scripting vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag’. | 6.1 |
2023-02-14 | CVE-2023-22934 | Unspecified vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. | 8.0 |