Vulnerabilities > Splunk > Splunk > 9.0.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-03-27 | CVE-2024-29945 | Information Exposure Through Log Files vulnerability in Splunk In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. | 7.2 |
2024-03-27 | CVE-2024-29946 | Command Injection vulnerability in Splunk In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. | 8.1 |
2024-01-22 | CVE-2024-23675 | Incorrect Authorization vulnerability in Splunk Cloud and Splunk In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). | 6.5 |
2024-01-22 | CVE-2024-23676 | Unspecified vulnerability in Splunk Cloud and Splunk In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. | 3.5 |
2024-01-22 | CVE-2024-23677 | Information Exposure Through Log Files vulnerability in Splunk Cloud and Splunk In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file. | 5.3 |
2024-01-22 | CVE-2024-23678 | Unspecified vulnerability in Splunk In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. | 8.8 |
2023-11-16 | CVE-2023-46213 | Cross-site Scripting vulnerability in Splunk Cloud and Splunk In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser. | 4.8 |
2023-11-16 | CVE-2023-46214 | XML Injection (aka Blind XPath Injection) vulnerability in Splunk Cloud and Splunk In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. | 8.8 |