cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-53246,https://securityvulnerability.io/vulnerability/CVE-2024-53246,Sensitive Information Disclosure in Splunk Enterprise and Cloud Platform,"A vulnerability exists in Splunk Enterprise and Splunk Cloud Platform that allows the disclosure of sensitive information through the exploitation of specific SPL commands. This risk could arise when another vulnerability, such as a Risky Commands Bypass, is present, enabling potential attackers to access confidential data inadvertently exposed through the affected versions.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T18:15:00.000Z,0
CVE-2024-53244,https://securityvulnerability.io/vulnerability/CVE-2024-53244,Privilege Escalation in Splunk Enterprise and Cloud Platforms,"A vulnerability exists in Splunk Enterprise and Cloud Platforms that allows low-privileged users to execute saved searches with risky commands. This occurs through misuse of the permissions of higher-privileged users, specifically on the '/en-US/app/search/report' endpoint. Attackers can exploit this by tricking users into making requests via phishing methods, leading to a circumvention of standard SPL safeguards. Proper administrative controls and user education are essential to mitigate this risk.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",5.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T18:15:00.000Z,0
CVE-2024-53245,https://securityvulnerability.io/vulnerability/CVE-2024-53245,Insufficient Access Control in Splunk Enterprise and Splunk Cloud Platform,"In certain versions of Splunk Enterprise and Splunk Cloud Platform, a flaw exists that allows low-privileged users to clone dashboards they should not access due to insufficient access controls. This occurs when a user's name matches that of a role with read access to the dashboard. As a result, these users may inadvertently expose sensitive dashboard names and XML configurations, presenting a potential security risk.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",3.1,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T18:15:00.000Z,0
CVE-2024-45737,https://securityvulnerability.io/vulnerability/CVE-2024-45737,Low-Privileged User Vulnerability in Splunk Enterprise,"In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the ""admin"" or ""power"" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF).",Splunk,"Splunk Enterprise,Splunk Cloud Platform",4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-10-14T17:15:00.000Z,0
CVE-2024-45736,https://securityvulnerability.io/vulnerability/CVE-2024-45736,"Splunk Enterprise Versions below 9.3.1, 9.2.3, and 9.1.6 Have a Vulnerability in Field Transformation That Can Crash the Splunk Daemon","In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the ""admin"" or ""power"" Splunk roles could craft a search query with an improperly formatted ""INGEST_EVAL"" parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd).",Splunk,"Splunk Enterprise,Splunk Cloud Platform",6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-10-14T17:15:00.000Z,0
CVE-2024-45732,https://securityvulnerability.io/vulnerability/CVE-2024-45732,Low-Privileged User Vulnerability in Splunk Enterprise,"In specific versions of Splunk Enterprise and Splunk Cloud Platform, a vulnerability allows low-privileged users, lacking the 'admin' or 'power' roles, to execute searches as the 'nobody' user within the SplunkDeploymentServerConfig app. This could potentially expose sensitive or restricted data, raising significant security concerns for environments where data access needs strict control.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",7.1,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-10-14T17:15:00.000Z,0
CVE-2024-45741,https://securityvulnerability.io/vulnerability/CVE-2024-45741,Splunk Enterprise Version Vulnerability Could Lead to Browser JavaScript Execution,"In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the ""admin"" or ""power"" Splunk roles could create a malicious payload through a custom configuration file that the ""api.uri"" parameter from the ""/manager/search/apps/local"" endpoint in Splunk Web calls. This could result in execution of unauthorized JavaScript code in the browser of a user.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-14T17:15:00.000Z,0
CVE-2024-45740,https://securityvulnerability.io/vulnerability/CVE-2024-45740,Low-Privileged User Could Execute Unauthorized JavaScript Code Through Scheduled Views,"In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the ""admin"" or ""power"" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript code in the browser of a user.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-14T17:15:00.000Z,0
CVE-2024-36997,https://securityvulnerability.io/vulnerability/CVE-2024-36997,Splunk Enterprise Vulnerability: Arbitrary JavaScript Code Execution in Browser Context,"In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",4.6,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-01T16:57:47.904Z,0
CVE-2024-36993,https://securityvulnerability.io/vulnerability/CVE-2024-36993,Low-Privileged User Could Execute Unauthorized JavaScript Code Through Splunk Web Bulletin Messages,"In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-01T16:54:35.379Z,0
CVE-2024-36995,https://securityvulnerability.io/vulnerability/CVE-2024-36995,"Low-Privileged Users Can Create Experimental Items in Splunk Enterprise Versions Below 9.2.2, 9.1.5, and 9.0.10","In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-01T16:52:57.700Z,0
CVE-2024-36982,https://securityvulnerability.io/vulnerability/CVE-2024-36982,Splunk Enterprise Crash Vulnerability,"In certain versions of Splunk Enterprise and Splunk Cloud Platform, a vulnerability exists that allows an attacker to invoke a null pointer reference on the cluster/config REST endpoint. This flaw may lead to a crash of the Splunk daemon, potentially impacting the availability and functionality of the affected services. Users of these versions should take caution and consider updating to secure versions to mitigate any associated risks.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-07-01T16:31:04.078Z,0
CVE-2024-36990,https://securityvulnerability.io/vulnerability/CVE-2024-36990,Low-Privileged User Could Cause Denial of Service in Splunk Enterprise,"In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST request to the datamodel/web REST endpoint in Splunk Enterprise, potentially causing a denial of service.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-01T16:30:57.995Z,0
CVE-2024-36992,https://securityvulnerability.io/vulnerability/CVE-2024-36992,Splunk Enterprise Vulnerable to Persistent XSS Attacks,"In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user. The “url” parameter of the Dashboard element does not have proper input validation to reject invalid URLs, which could lead to a Persistent Cross-site Scripting (XSS) exploit.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-07-01T16:30:51.507Z,0
CVE-2024-36986,https://securityvulnerability.io/vulnerability/CVE-2024-36986,Authenticated User Could Run Risky Commands Using Higher-Privileged User's Permissions to Bypass SPL Safeguards in Analytics Workspace,"In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics Workspace. The vulnerability requires the authenticated user to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",6.3,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-07-01T16:30:42.325Z,0
CVE-2024-36983,https://securityvulnerability.io/vulnerability/CVE-2024-36983,Authenticated User Vulnerability in Splunk Enterprise and Splunk Cloud Platform Could Allow Arbitrary Code Execution,"In vulnerable versions of Splunk Enterprise and Splunk Cloud Platform, an authenticated user possesses the capability to create an external lookup that invokes a legacy internal function. This function can be exploited to insert malicious code within the Splunk platform installation directory. Consequently, this can lead to the execution of arbitrary code within the Splunk instance, significantly compromising system integrity and data security.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-01T16:30:41.779Z,0
CVE-2024-36996,https://securityvulnerability.io/vulnerability/CVE-2024-36996,Splunk Enterprise Vulnerability: Brute-Force Password Guessing Attacks,"In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-07-01T16:30:41.186Z,0
CVE-2024-36994,https://securityvulnerability.io/vulnerability/CVE-2024-36994,Low-Privileged User Vulnerability in Splunk Enterprise and Cloud Platform Could Lead to Execution of Unauthorized JavaScript Code,"In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View and Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-01T16:30:40.653Z,0
CVE-2024-36989,https://securityvulnerability.io/vulnerability/CVE-2024-36989,Low-Privileged User Could Create Notifications in Splunk Web Bulletin Messages,"In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance receive.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-01T16:30:38.545Z,0
CVE-2024-36987,https://securityvulnerability.io/vulnerability/CVE-2024-36987,Arbitrary File Upload Vulnerability in Splunk Enterprise,"In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk roles could upload a file with an arbitrary extension using the indexing/preview REST endpoint.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",4.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-07-01T16:30:36.235Z,0
CVE-2024-29946,https://securityvulnerability.io/vulnerability/CVE-2024-29946,Splunk Enterprise Vulnerability: Risky SPL Commands in Dashboard Examples Hub,"In Splunk Enterprise prior to version 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub contains a security vulnerability that allows unsafe SPL commands to be executed without proper safeguards. Attackers can exploit this vulnerability by tricking users into initiating specially crafted requests, leading to potential unauthorized actions that compromise system integrity. It's crucial for organizations using affected versions to apply necessary security measures to protect against such attacks.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",8.1,HIGH,0.000910000002477318,false,,true,false,false,,,false,false,,2024-03-27T17:15:00.000Z,0
CVE-2023-32717,https://securityvulnerability.io/vulnerability/CVE-2023-32717,Role-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results,"On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",4.3,MEDIUM,0.000699999975040555,false,,false,false,false,,,false,false,,2023-06-01T17:15:00.000Z,0
CVE-2023-32706,https://securityvulnerability.io/vulnerability/CVE-2023-32706,Denial Of Service due to Untrusted XML Tag in XML Parser within SAML Authentication,"A denial of service vulnerability exists in Splunk Enterprise, impacting versions before 9.0.5, 8.2.11, and 8.1.14. An unauthenticated attacker can exploit this flaw by sending specially-crafted messages to the XML parser during SAML authentication, resulting in the Splunk daemon becoming unresponsive. Organizations using vulnerable versions should seek updates and take immediate action to mitigate potential service disruption.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",7.7,HIGH,0.000590000010561198,false,,false,false,false,,,false,false,,2023-06-01T17:15:00.000Z,0
CVE-2023-32707,https://securityvulnerability.io/vulnerability/CVE-2023-32707,‘edit_user’ Capability Privilege Escalation,"In specific versions of Splunk Enterprise and Splunk Cloud Platform, a vulnerability exists that allows users with low privileges who possess the 'edit_user' capability to escalate their privileges to that of an admin. By sending crafted web requests, these users can gain unauthorized access to administrative functions, potentially compromising the security and integrity of the system. Immediate updates to the latest software versions are recommended to mitigate this risk.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",8.8,HIGH,0.8863499760627747,false,,false,false,true,2023-11-14T04:06:08.000Z,true,false,false,,2023-06-01T17:15:00.000Z,0
CVE-2023-32708,https://securityvulnerability.io/vulnerability/CVE-2023-32708,HTTP Response Splitting via the ‘rest’ SPL Command,"In certain versions of Splunk Enterprise and Splunk Cloud Platform, low-privileged users may exploit an HTTP response splitting vulnerability. By using the ‘rest’ SPL command, these users can inadvertently manipulate HTTP responses, potentially gaining unauthorized access to REST endpoints within the system. This flaw affects various versions of Splunk products, emphasizing the importance of implementing security measures and applying updates promptly to mitigate risk.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",7.2,HIGH,0.0015300000086426735,false,,false,false,false,,,false,false,,2023-06-01T17:15:00.000Z,0