cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-53247,https://securityvulnerability.io/vulnerability/CVE-2024-53247,Low-Privileged User RCE Vulnerability in Splunk Enterprise and Secure Gateway,"A vulnerability has been identified in Splunk Enterprise and the Splunk Secure Gateway app, allowing low-privileged users without administrative privileges to execute arbitrary code remotely. This issue affects specific versions of both Splunk Enterprise and the Secure Gateway app, potentially leading to unauthorized access and manipulation of system resources. Security measures should be prioritized to mitigate the risks associated with this vulnerability, particularly in environments where user permissions are not effectively managed.",Splunk,"Splunk Enterprise,Splunk Secure Gateway",8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T18:15:00.000Z,0
CVE-2024-45732,https://securityvulnerability.io/vulnerability/CVE-2024-45732,Low-Privileged User Vulnerability in Splunk Enterprise,"In specific versions of Splunk Enterprise and Splunk Cloud Platform, a vulnerability allows low-privileged users, lacking the 'admin' or 'power' roles, to execute searches as the 'nobody' user within the SplunkDeploymentServerConfig app. This could potentially expose sensitive or restricted data, raising significant security concerns for environments where data access needs strict control.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",7.1,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-10-14T17:15:00.000Z,0
CVE-2024-45733,https://securityvulnerability.io/vulnerability/CVE-2024-45733,Remote Code Execution (RCE) due to insecure session storage configuration in Splunk Enterprise on Windows,"A security flaw present in Splunk Enterprise for Windows allows low-privileged users, lacking 'admin' or 'power' roles, to exploit an insecure session storage configuration. This vulnerability permits these users to execute arbitrary code remotely, raising significant security concerns for systems operating on affected versions. Organizations using Splunk Enterprise versions below 9.2.3 and 9.1.6 should prioritize applying necessary patches and access controls to mitigate this risk.",Splunk,Splunk Enterprise,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-10-14T17:15:00.000Z,0
CVE-2024-45731,https://securityvulnerability.io/vulnerability/CVE-2024-45731,Potential Remote Command Execution (RCE) through arbitrary file write to Windows system root directory when Splunk Enterprise for Windows is installed on a separate disk,"In Splunk Enterprise for Windows, when installed on a separate drive, a vulnerability exists that allows low-privileged users—without 'admin' or 'power' roles—to write files directly to the Windows system root directory. This results in potential unauthorized access to critical system files, posing serious security implications for affected installations, particularly versions prior to 9.3.1, 9.2.3, and 9.1.6. It is crucial for organizations using these versions to assess their configurations and apply remedial measures as detailed in the Splunk security advisory.",Splunk,Splunk Enterprise,8,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-10-14T17:15:00.000Z,0
CVE-2024-36982,https://securityvulnerability.io/vulnerability/CVE-2024-36982,Splunk Enterprise Crash Vulnerability,"In certain versions of Splunk Enterprise and Splunk Cloud Platform, a vulnerability exists that allows an attacker to invoke a null pointer reference on the cluster/config REST endpoint. This flaw may lead to a crash of the Splunk daemon, potentially impacting the availability and functionality of the affected services. Users of these versions should take caution and consider updating to secure versions to mitigate any associated risks.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-07-01T16:31:04.078Z,0
CVE-2024-36991,https://securityvulnerability.io/vulnerability/CVE-2024-36991,Splunk Enterprise Path Traversal Vulnerability on Windows,"A path traversal vulnerability exists in Splunk Enterprise running on Windows, affecting versions prior to 9.2.2, as well as versions 9.1.5 and 9.0.10. This issue allows an attacker to potentially access restricted directories and files on the server through the /modules/messaging/ endpoint. Ensuring that systems are upgraded to the latest versions is crucial to mitigate this risk. Organizations using affected versions should prioritize immediate updates and review their configurations to enhance overall security.",Splunk,Splunk Enterprise,7.5,HIGH,0.12011999636888504,false,,true,true,true,2024-07-09T09:30:19.000Z,true,true,true,2024-07-09T01:52:02.381Z,2024-07-01T16:31:03.563Z,18885
CVE-2024-36985,https://securityvulnerability.io/vulnerability/CVE-2024-36985,Low-Privileged User Vulnerability in Splunk Enterprise Could Lead to Remote Code Execution,"A vulnerability exists in Splunk Enterprise that allows low-privileged users, who do not have the admin or power roles, to perform unauthorized actions leading to remote code execution. This issue stems from an external lookup mechanism that references the 'splunk_archiver' application. Affected users can exploit this vulnerability on versions before 9.2.2, 9.1.5, and 9.0.10, potentially compromising the security of the application and its underlying data.",Splunk,Splunk Enterprise,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-01T16:30:57.461Z,0
CVE-2024-36984,https://securityvulnerability.io/vulnerability/CVE-2024-36984,Splunk Enterprise Vulnerability Allows Arbitrary Code Execution,"In Splunk Enterprise, versions prior to 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user is able to leverage a vulnerability that arises from the execution of specially crafted queries. This allows for the serialization of untrusted data, which can be exploited to execute arbitrary code on the affected system. The implications of this vulnerability can lead to significant security risks, emphasizing the need for users to ensure their software is updated to the latest versions to mitigate potential exploitation.",Splunk,Splunk Enterprise,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-01T16:30:44.270Z,0
CVE-2024-36983,https://securityvulnerability.io/vulnerability/CVE-2024-36983,Authenticated User Vulnerability in Splunk Enterprise and Splunk Cloud Platform Could Allow Arbitrary Code Execution,"In vulnerable versions of Splunk Enterprise and Splunk Cloud Platform, an authenticated user possesses the capability to create an external lookup that invokes a legacy internal function. This function can be exploited to insert malicious code within the Splunk platform installation directory. Consequently, this can lead to the execution of arbitrary code within the Splunk instance, significantly compromising system integrity and data security.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-01T16:30:41.779Z,0
CVE-2024-29945,https://securityvulnerability.io/vulnerability/CVE-2024-29945,Splunk Authentication Token Exposure in Debug Log in Splunk Enterprise,"The vulnerability in Splunk Enterprise involves potential exposure of authentication tokens during the token validation process in specific versions. This security issue occurs particularly when the software operates in debug mode or when the JsonWebToken component is set to log at the DEBUG level. This logging configuration can inadvertently make sensitive authentication tokens accessible, posing a significant risk to user security. It is essential for organizations using affected versions to review their configurations and adopt mitigation strategies outlined in underlying advisories to protect sensitive data from unauthorized access.",Splunk,Splunk Enterprise,7.2,HIGH,0.0005000000237487257,false,,true,false,false,,,false,false,,2024-03-27T17:15:00.000Z,0
CVE-2024-29946,https://securityvulnerability.io/vulnerability/CVE-2024-29946,Splunk Enterprise Vulnerability: Risky SPL Commands in Dashboard Examples Hub,"In Splunk Enterprise prior to version 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub contains a security vulnerability that allows unsafe SPL commands to be executed without proper safeguards. Attackers can exploit this vulnerability by tricking users into initiating specially crafted requests, leading to potential unauthorized actions that compromise system integrity. It's crucial for organizations using affected versions to apply necessary security measures to protect against such attacks.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",8.1,HIGH,0.000910000002477318,false,,true,false,false,,,false,false,,2024-03-27T17:15:00.000Z,0
CVE-2023-46230,https://securityvulnerability.io/vulnerability/CVE-2023-46230,Sensitive Information Disclosure to Internal Log Files in Splunk Add-on Builder,"In versions of Splunk Add-on Builder prior to 4.1.4, the application exhibits a vulnerability where it inadvertently writes sensitive information to internal log files. This can lead to unauthorized access to sensitive data, increasing the risk of data exposure and potential misuse. Organizations using affected versions are advised to upgrade to the latest version to mitigate this security risk and protect their data integrity.",Splunk,Splunk Add-on Builder,8.2,HIGH,0.0006399999838322401,false,,false,false,false,,,false,false,,2024-01-30T17:00:49.161Z,0
CVE-2023-46231,https://securityvulnerability.io/vulnerability/CVE-2023-46231,Session Token Disclosure to Internal Log Files in Splunk Add-on Builder,"An identified vulnerability in Splunk Add-on Builder allows the application to log user session tokens in its internal files when users access the application or modify custom apps. This exposure can potentially lead to unauthorized access, as sensitive session information is stored insecurely in log files. Organizations that utilize affected versions prior to 4.1.4 should assess their security protocols and apply the necessary updates to mitigate the risk associated with this vulnerability.",Splunk,Splunk Add-on Builder,8.8,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2024-01-30T17:00:46.832Z,0
CVE-2024-23678,https://securityvulnerability.io/vulnerability/CVE-2024-23678,Unsafe Deserialization of Untrusted Data in Splunk Enterprise for Windows,"Splunk Enterprise for Windows prior to versions 9.0.8 and 9.1.3 is affected by a vulnerability that improperly handles path input data. This flaw leads to the unsafe deserialization of untrusted data originating from another disk partition on the same machine. Such a security weakness could potentially be exploited to inject malicious data, compromising the integrity and security of the application. Correct sanitization practices are crucial to mitigate this risk and ensure the safe handling of path inputs.",Splunk,Splunk Enterprise,7.5,HIGH,0.0004600000102072954,false,,true,false,false,,,false,false,,2024-01-22T20:37:43.095Z,0
CVE-2023-46214,https://securityvulnerability.io/vulnerability/CVE-2023-46214,Splunk Enterprise Vulnerability: Remote Code Execution via Malicious XSLT,"The CVE-2023-46214 vulnerability affects Splunk Enterprise versions below 9.0.7 and 9.1.2, allowing attackers to execute remote code by uploading malicious XSLT. A proof-of-concept exploit has been made public, prompting users to apply patches or workarounds provided by Splunk to mitigate the risk. There are no known exploitations in the wild by ransomware groups at this time.",Splunk,"Splunk Enterprise,Splunk Cloud",8,HIGH,0.17511999607086182,false,,true,false,true,2023-11-18T00:00:00.000Z,,false,false,,2023-11-16T21:15:00.000Z,0
CVE-2023-4571,https://securityvulnerability.io/vulnerability/CVE-2023-4571,Unauthenticated Log Injection in Splunk IT Service Intelligence (ITSI),"In vulnerable versions of Splunk IT Service Intelligence (ITSI), malicious actors can exploit a code injection vulnerability by injecting ANSI escape codes into log files. When users read these log files with a vulnerable terminal application, the injected escape codes can execute unwanted commands on their systems. Although this vulnerability does not directly impact Splunk ITSI, it poses a risk based on the permissions of the terminal application and how users interact with malicious log files. Successful exploitation requires users to inadvertently use a terminal that processes these escape codes, further emphasizing the need for caution when handling log files from Splunk ITSI.",Splunk,Splunk Itsi,8.6,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2023-08-30T17:15:00.000Z,0
CVE-2023-40598,https://securityvulnerability.io/vulnerability/CVE-2023-40598,Command Injection in Splunk Enterprise Using External Lookups,"In certain versions of Splunk Enterprise, an attacker can leverage an external lookup that invokes a legacy internal function. This functionality permits unauthorized code insertion into the Splunk platform installation directory, potentially allowing the execution of arbitrary code on the affected Splunk instance. This vulnerability poses significant risks and should be addressed promptly to safeguard against possible exploitation.",Splunk,"Splunk Enterprise,Splunk Cloud",8.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-08-30T17:15:00.000Z,0
CVE-2023-40597,https://securityvulnerability.io/vulnerability/CVE-2023-40597,Absolute Path Traversal in Splunk Enterprise Using runshellscript.py,"In specific versions of Splunk Enterprise, an absolute path traversal vulnerability allows attackers to exploit the system by executing arbitrary code stored on a separate disk. This flaw can pose significant security risks, enabling unauthorized access and manipulation of sensitive data. Organizations utilizing affected versions should prioritize applying the latest updates to mitigate this vulnerability and protect their systems.",Splunk,"Splunk Enterprise,Splunk Cloud",7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-08-30T17:15:00.000Z,0
CVE-2023-40592,https://securityvulnerability.io/vulnerability/CVE-2023-40592,"Reflected Cross-site Scripting (XSS) on ""/app/search/table"" web endpoint","In specific versions of Splunk Enterprise, an attacker can exploit a reflected cross-site scripting vulnerability by sending specially crafted web requests to the '/app/search/table' endpoint. This security issue may allow an attacker to execute arbitrary commands on the affected Splunk platform instance, posing significant security risks to users and data.",Splunk,"Splunk Enterprise,Splunk Cloud",8.4,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2023-08-30T17:15:00.000Z,0
CVE-2023-40595,https://securityvulnerability.io/vulnerability/CVE-2023-40595,Remote Code Execution via Serialized Session Payload,"In Splunk Enterprise prior to versions 8.2.12, 9.0.6, and 9.1.1, an inherent code execution vulnerability allows attackers to craft specific queries, leading to the potential serialization of untrusted data. This can enable an attacker to execute arbitrary code, significantly compromising the security of the affected system.",Splunk,"Splunk Enterprise,Splunk Cloud",8.8,HIGH,0.0010000000474974513,false,,false,false,false,,,false,false,,2023-08-30T17:15:00.000Z,0
CVE-2023-40596,https://securityvulnerability.io/vulnerability/CVE-2023-40596,Splunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definition Reference in DLL,"A vulnerability in Splunk Enterprise allows attackers to exploit insecure path referencing in dynamic link libraries (DLLs) included with the software. This flaw permits the installation of malicious code, leading to potential privilege escalation on the Windows operating system. It affects users running versions prior to 8.2.12, 9.0.6, and 9.1.1, highlighting the importance of updating to secure versions to mitigate risks associated with this issue.",Splunk,Splunk Enterprise,7,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-08-30T17:15:00.000Z,0
CVE-2023-3997,https://securityvulnerability.io/vulnerability/CVE-2023-3997,Unauthenticated Log Injection In Splunk SOAR,"Splunk SOAR prior to version 6.1.0 is vulnerable to a log file poisoning attack. An attacker can exploit this vulnerability by sending a specially crafted web request containing specific ANSI characters. This can lead to the manipulation of log files, affecting terminal users who attempt to view these compromised logs. As a result, terminal users may inadvertently execute malicious code, posing significant risks to the security and integrity of the system. Users are encouraged to upgrade to the latest version to mitigate these risks. For more detailed information, please refer to the Splunk advisory.",Splunk,"Splunk Soar (on-premises),Splunk Soar (cloud)",8.6,HIGH,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-07-31T17:15:00.000Z,0
CVE-2023-32706,https://securityvulnerability.io/vulnerability/CVE-2023-32706,Denial Of Service due to Untrusted XML Tag in XML Parser within SAML Authentication,"A denial of service vulnerability exists in Splunk Enterprise, impacting versions before 9.0.5, 8.2.11, and 8.1.14. An unauthenticated attacker can exploit this flaw by sending specially-crafted messages to the XML parser during SAML authentication, resulting in the Splunk daemon becoming unresponsive. Organizations using vulnerable versions should seek updates and take immediate action to mitigate potential service disruption.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",7.7,HIGH,0.000590000010561198,false,,false,false,false,,,false,false,,2023-06-01T17:15:00.000Z,0
CVE-2023-32707,https://securityvulnerability.io/vulnerability/CVE-2023-32707,‘edit_user’ Capability Privilege Escalation,"In specific versions of Splunk Enterprise and Splunk Cloud Platform, a vulnerability exists that allows users with low privileges who possess the 'edit_user' capability to escalate their privileges to that of an admin. By sending crafted web requests, these users can gain unauthorized access to administrative functions, potentially compromising the security and integrity of the system. Immediate updates to the latest software versions are recommended to mitigate this risk.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",8.8,HIGH,0.8863499760627747,false,,false,false,true,2023-11-14T04:06:08.000Z,true,false,false,,2023-06-01T17:15:00.000Z,0
CVE-2023-32714,https://securityvulnerability.io/vulnerability/CVE-2023-32714,Path Traversal in Splunk App for Lookup File Editing,"In the Splunk App for Lookup File Editing, versions prior to 4.0.1, a low-privileged user has the capability to exploit a path traversal vulnerability. This vulnerability is triggered through a specially crafted web request, allowing an unauthorized user to read and write data in restricted areas of the Splunk installation directory. This can lead to potential exposure of sensitive information and compromise the integrity of the application.",Splunk,Splunk App For Lookup File Editing,8.1,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2023-06-01T17:15:00.000Z,0