cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-53245,https://securityvulnerability.io/vulnerability/CVE-2024-53245,Insufficient Access Control in Splunk Enterprise and Splunk Cloud Platform,"In certain versions of Splunk Enterprise and Splunk Cloud Platform, a flaw exists that allows low-privileged users to clone dashboards they should not access due to insufficient access controls. This occurs when a user's name matches that of a role with read access to the dashboard. As a result, these users may inadvertently expose sensitive dashboard names and XML configurations, presenting a potential security risk.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",3.1,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T18:15:00.000Z,0
CVE-2024-53246,https://securityvulnerability.io/vulnerability/CVE-2024-53246,Sensitive Information Disclosure in Splunk Enterprise and Cloud Platform,"A vulnerability exists in Splunk Enterprise and Splunk Cloud Platform that allows the disclosure of sensitive information through the exploitation of specific SPL commands. This risk could arise when another vulnerability, such as a Risky Commands Bypass, is present, enabling potential attackers to access confidential data inadvertently exposed through the affected versions.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T18:15:00.000Z,0
CVE-2024-53244,https://securityvulnerability.io/vulnerability/CVE-2024-53244,Privilege Escalation in Splunk Enterprise and Cloud Platforms,"A vulnerability exists in Splunk Enterprise and Cloud Platforms that allows low-privileged users to execute saved searches with risky commands. This occurs through misuse of the permissions of higher-privileged users, specifically on the '/en-US/app/search/report' endpoint. Attackers can exploit this by tricking users into making requests via phishing methods, leading to a circumvention of standard SPL safeguards. Proper administrative controls and user education are essential to mitigate this risk.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",5.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T18:15:00.000Z,0
CVE-2024-45737,https://securityvulnerability.io/vulnerability/CVE-2024-45737,Low-Privileged User Vulnerability in Splunk Enterprise,"In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the ""admin"" or ""power"" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF).",Splunk,"Splunk Enterprise,Splunk Cloud Platform",4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-10-14T17:15:00.000Z,0
CVE-2024-45732,https://securityvulnerability.io/vulnerability/CVE-2024-45732,Low-Privileged User Vulnerability in Splunk Enterprise,"In specific versions of Splunk Enterprise and Splunk Cloud Platform, a vulnerability allows low-privileged users, lacking the 'admin' or 'power' roles, to execute searches as the 'nobody' user within the SplunkDeploymentServerConfig app. This could potentially expose sensitive or restricted data, raising significant security concerns for environments where data access needs strict control.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",7.1,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-10-14T17:15:00.000Z,0
CVE-2024-45741,https://securityvulnerability.io/vulnerability/CVE-2024-45741,Splunk Enterprise Version Vulnerability Could Lead to Browser JavaScript Execution,"In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the ""admin"" or ""power"" Splunk roles could create a malicious payload through a custom configuration file that the ""api.uri"" parameter from the ""/manager/search/apps/local"" endpoint in Splunk Web calls. This could result in execution of unauthorized JavaScript code in the browser of a user.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-14T17:15:00.000Z,0
CVE-2024-45736,https://securityvulnerability.io/vulnerability/CVE-2024-45736,"Splunk Enterprise Versions below 9.3.1, 9.2.3, and 9.1.6 Have a Vulnerability in Field Transformation That Can Crash the Splunk Daemon","In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the ""admin"" or ""power"" Splunk roles could craft a search query with an improperly formatted ""INGEST_EVAL"" parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd).",Splunk,"Splunk Enterprise,Splunk Cloud Platform",6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-10-14T17:15:00.000Z,0
CVE-2024-45740,https://securityvulnerability.io/vulnerability/CVE-2024-45740,Low-Privileged User Could Execute Unauthorized JavaScript Code Through Scheduled Views,"In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the ""admin"" or ""power"" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript code in the browser of a user.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-14T17:15:00.000Z,0
CVE-2024-36997,https://securityvulnerability.io/vulnerability/CVE-2024-36997,Splunk Enterprise Vulnerability: Arbitrary JavaScript Code Execution in Browser Context,"In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",4.6,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-01T16:57:47.904Z,0
CVE-2024-36993,https://securityvulnerability.io/vulnerability/CVE-2024-36993,Low-Privileged User Could Execute Unauthorized JavaScript Code Through Splunk Web Bulletin Messages,"In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-01T16:54:35.379Z,0
CVE-2024-36995,https://securityvulnerability.io/vulnerability/CVE-2024-36995,"Low-Privileged Users Can Create Experimental Items in Splunk Enterprise Versions Below 9.2.2, 9.1.5, and 9.0.10","In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-01T16:52:57.700Z,0
CVE-2024-36982,https://securityvulnerability.io/vulnerability/CVE-2024-36982,Splunk Enterprise Crash Vulnerability,"In certain versions of Splunk Enterprise and Splunk Cloud Platform, a vulnerability exists that allows an attacker to invoke a null pointer reference on the cluster/config REST endpoint. This flaw may lead to a crash of the Splunk daemon, potentially impacting the availability and functionality of the affected services. Users of these versions should take caution and consider updating to secure versions to mitigate any associated risks.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-07-01T16:31:04.078Z,0
CVE-2024-36990,https://securityvulnerability.io/vulnerability/CVE-2024-36990,Low-Privileged User Could Cause Denial of Service in Splunk Enterprise,"In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST request to the datamodel/web REST endpoint in Splunk Enterprise, potentially causing a denial of service.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-01T16:30:57.995Z,0
CVE-2024-36992,https://securityvulnerability.io/vulnerability/CVE-2024-36992,Splunk Enterprise Vulnerable to Persistent XSS Attacks,"In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user. The “url” parameter of the Dashboard element does not have proper input validation to reject invalid URLs, which could lead to a Persistent Cross-site Scripting (XSS) exploit.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-07-01T16:30:51.507Z,0
CVE-2024-36986,https://securityvulnerability.io/vulnerability/CVE-2024-36986,Authenticated User Could Run Risky Commands Using Higher-Privileged User's Permissions to Bypass SPL Safeguards in Analytics Workspace,"In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics Workspace. The vulnerability requires the authenticated user to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",6.3,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-07-01T16:30:42.325Z,0
CVE-2024-36983,https://securityvulnerability.io/vulnerability/CVE-2024-36983,Authenticated User Vulnerability in Splunk Enterprise and Splunk Cloud Platform Could Allow Arbitrary Code Execution,"In vulnerable versions of Splunk Enterprise and Splunk Cloud Platform, an authenticated user possesses the capability to create an external lookup that invokes a legacy internal function. This function can be exploited to insert malicious code within the Splunk platform installation directory. Consequently, this can lead to the execution of arbitrary code within the Splunk instance, significantly compromising system integrity and data security.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-01T16:30:41.779Z,0
CVE-2024-36996,https://securityvulnerability.io/vulnerability/CVE-2024-36996,Splunk Enterprise Vulnerability: Brute-Force Password Guessing Attacks,"In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-07-01T16:30:41.186Z,0
CVE-2024-36994,https://securityvulnerability.io/vulnerability/CVE-2024-36994,Low-Privileged User Vulnerability in Splunk Enterprise and Cloud Platform Could Lead to Execution of Unauthorized JavaScript Code,"In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View and Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-01T16:30:40.653Z,0
CVE-2024-36989,https://securityvulnerability.io/vulnerability/CVE-2024-36989,Low-Privileged User Could Create Notifications in Splunk Web Bulletin Messages,"In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance receive.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-01T16:30:38.545Z,0
CVE-2024-36987,https://securityvulnerability.io/vulnerability/CVE-2024-36987,Arbitrary File Upload Vulnerability in Splunk Enterprise,"In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk roles could upload a file with an arbitrary extension using the indexing/preview REST endpoint.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",4.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-07-01T16:30:36.235Z,0
CVE-2024-29946,https://securityvulnerability.io/vulnerability/CVE-2024-29946,Splunk Enterprise Vulnerability: Risky SPL Commands in Dashboard Examples Hub,"In Splunk Enterprise prior to version 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub contains a security vulnerability that allows unsafe SPL commands to be executed without proper safeguards. Attackers can exploit this vulnerability by tricking users into initiating specially crafted requests, leading to potential unauthorized actions that compromise system integrity. It's crucial for organizations using affected versions to apply necessary security measures to protect against such attacks.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",8.1,HIGH,0.000910000002477318,false,,true,false,false,,,false,false,,2024-03-27T17:15:00.000Z,0
CVE-2024-23676,https://securityvulnerability.io/vulnerability/CVE-2024-23676,Sensitive Information Disclosure of Index Metrics through “mrollup” SPL Command,"In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit.",Splunk,"Splunk Enterprise,Splunk Cloud",4.6,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-01-22T20:37:42.546Z,0
CVE-2024-23677,https://securityvulnerability.io/vulnerability/CVE-2024-23677,Server Response Disclosure in RapidDiag Salesforce.com Log File,"In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file.",Splunk,"Splunk Enterprise,Splunk Cloud",4.3,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2024-01-22T20:37:41.993Z,0
CVE-2024-23675,https://securityvulnerability.io/vulnerability/CVE-2024-23675,Splunk App Key Value Store (KV Store) Improper Handling of Permissions Leads to KV Store Collection Deletion,"In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections.",Splunk,"Splunk Enterprise,Splunk Cloud",6.5,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-01-22T20:37:23.117Z,0
CVE-2023-46214,https://securityvulnerability.io/vulnerability/CVE-2023-46214,Splunk Enterprise Vulnerability: Remote Code Execution via Malicious XSLT,"The CVE-2023-46214 vulnerability affects Splunk Enterprise versions below 9.0.7 and 9.1.2, allowing attackers to execute remote code by uploading malicious XSLT. A proof-of-concept exploit has been made public, prompting users to apply patches or workarounds provided by Splunk to mitigate the risk. There are no known exploitations in the wild by ransomware groups at this time.",Splunk,"Splunk Enterprise,Splunk Cloud",8,HIGH,0.17511999607086182,false,,true,false,true,2023-11-18T00:00:00.000Z,,false,false,,2023-11-16T21:15:00.000Z,0