CINXE.COM
Splunk Vulnerability Disclosure
<!doctype html><html lang="en" class="no-js"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title> Splunk Vulnerability Disclosure</title><meta property="og:site_name" content="Splunk Vulnerability Disclosure"><meta property="og:site_description" content="Splunk Vulnerability Disclosure"><meta property="og:title" content=""><meta property="og:description" content=""><meta property="og:locale" content="en-US"><meta property="og:url" content=""><meta property="og:image" content="/assets/img/logo_color.jpg"><link rel="shortcut icon" type="image/x-icon" href="/assets/img/favicon.png"/><link rel="stylesheet" href="/assets/css/datatables.css"><link rel="stylesheet" href="/assets/css/main.css"><link rel="stylesheet" href="/assets/css/fontawesome-free-6.2.0.css"> <script src="/assets/js/jquery-3.7.1.js"></script> <script src="/assets/js/jquery.greedy-navigation.js"></script> <script src="/assets/js/datatables.js"></script> <script src="/assets/js/main.js"></script></head><body class="layout--center"><div class="masthead"><div class="masthead__inner-wrap"><div class="masthead__menu"><nav class="greedy-nav"> <a class="site-logo" href="https://www.splunk.com/"><img src="/assets/img/logo.svg" alt=" "></a><ul class="visible-links"><li class="advisory-hide-on-mobile masthead__menu-item"> <a href="/" class="advisory-link">Home</a></li><li class="advisory-hide-on-mobile masthead__menu-item"> <a href="/report" class="advisory-link">Report a Vulnerability</a></li><li class="advisory-hide-on-mobile masthead__menu-item"> <a href="/faqs" class="advisory-link">FAQs</a></li><li class="advisory-hide-on-mobile masthead__menu-item"> <a href="https://www.splunk.com/en_us/form/splunk-security-advisories-notification.html" class="advisory-link">Mailing List</a></li></ul><button class="greedy-nav__toggle hidden advisory-show-on-mobile" type="button"> <span class="visually-hidden">Toggle menu</span><div class="navicon"></div></button><ul class="hidden-links hidden advisory-show-on-mobile"><li class="masthead__menu-item"> <a href="/">Home</a></li><li class="masthead__menu-item"> <a href="/report">Report a Vulnerability</a></li><li class="masthead__menu-item"> <a href="/faqs">FAQs</a></li><li class="masthead__menu-item"> <a href="https://www.splunk.com/en_us/form/splunk-security-advisories-notification.html">Mailing List</a></li></ul></nav></div></div></div><div class="initial-content"><style> .page__hero--overlay { background-color: #000; background-image: linear-gradient(rgba(0, 0, 0, 0.0), rgba(0, 0, 0, 0.0)), url('/assets/img/banner_slash.jpg'); " } @media screen and (max-width: 800px) { .page__hero--overlay { background-image: linear-gradient(rgba(0, 0, 0, 0.0), rgba(0, 0, 0, 0.0)), url('/assets/img/banner_slash_mobile.jpg'); } }</style><style> @media screen and (max-width: 600px) { .page__hero--overlay { background-image: linear-gradient(rgba(0, 0, 0, 0.0), rgba(0, 0, 0, 0.0)), url('/assets/img/banner_slash_mobile.jpg'); } }</style><div class="page__hero--overlay"><div class="wrapper advisory-page-hero"><h1 class="advisory-page-hero" itemprop="headline"> Splunk Security Advisories</h1></div></div><div id="main" role="main"><article class="splash"><section class="page__content"><div class="advisory-show-on-mobile"><p> </p></div><p>This page lists announcements of Splunk Security Advisories. Security Advisories are collections of disclosures and security fixes for supported versions of Splunk products. See the <a href="https://www.splunk.com/en_us/legal/splunk-software-support-policy.html">Splunk Support Policy</a> and <a href="https://www.splunk.com/en_us/about-splunk/splunk-data-security-and-privacy/product-security-at-splunk.html#disclosure-standards">Product Security at Splunk</a> for more information.</p><p>Splunk encourages customers to subscribe to the <a href="https://www.splunk.com/en_us/form/splunk-security-advisories-notification.html">Mailing List</a> and add its <a href="https://advisory.splunk.com/feed.xml">Really Simple Syndication (RSS)</a> feed to their RSS reader to receive a notification when Splunk publishes the advisories. Customers who require additional information that a Security Advisory does not address can visit the <a href="http://login.splunk.com/page/sso_redirect?type=portal">Support Portal</a> and submit a New Case.</p><div> <script> $(document).ready(function() { $('#advisory-table-all').DataTable({ dom: '<"row1"<"left"f><"right"l>><"row2"<"left"Q><"right"B>>tip', searchBuilder: {}, buttons: [ {extend: 'colvis', text: "columns ▾"}, {extend: 'pdf', exportOptions: {columns: ':visible'}, text: "pdf"}, {extend: 'csv', exportOptions: {columns: ':visible'}, text: "csv"} ], order: [[1, 'desc'],[0, 'desc']], pageLength: 50, autoWidth: false, columnDefs: [ {type: 'date', targets: [1, 0]}, {visible: false, targets: [2, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20]} ], language: { lengthMenu: "show _MENU_", search: "", searchPlaceholder: "Search..." } }); }); </script><table class="advisory-table-all" id="advisory-table-all"><thead class="advisory-th"><tr class="advisory-tr-th"><th class="advisory-td">SVD</th><th class="advisory-td">Date</th><th class="advisory-td">Last Modified</th><th class="advisory-td advisory-td-title">Title</th><th class="advisory-td">Severity</th><th class="advisory-td">CVE</th><th class="advisory-td">CVSS Vector</th><th class="advisory-td">CVSS Score</th><th class="advisory-td">CWE</th><th class="advisory-td">Bug</th><th class="advisory-td">Affected Products</th><th class="advisory-td">Fixed Versions</th><th class="advisory-td">Affected Versions</th><th class="advisory-td">All Affected Versions</th><th class="advisory-td">Affected Components</th><th class="advisory-td">Description</th><th class="advisory-td">Solution</th><th class="advisory-td">Mitigations</th><th class="advisory-td">Severity Summary</th><th class="advisory-td">OSS</th><th class="advisory-td">Credit</th></tr></thead><tbody><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1015">SVD-2024-1015</a></td><td label="Published" class="advisory-td">2024-10-30</td><td label="Modified" class="advisory-td">2024-10-30</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1015">Third-Party Package Updates in the Splunk Add-on for Cisco Meraki - October 2024</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector"></td><td class="advisory-td" label="CVSS Score"></td><td class="advisory-td" label="CWE"></td><td class="advisory-td" label="Bug"></td><td class="advisory-td" label="Affected Product"> Splunk Add-on for Cisco Meraki 2.2<br /></td><td class="advisory-td" label="Fixed Versions"> 2.2.0<br /></td><td class="advisory-td" label="Affected Versions"> Below 2.2.0<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>2.2.0</span><br /></td><td class="advisory-td" label="Affected Components"> <br /></td><td class="advisory-td" label="Description">Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in the Splunk Add-on for Cisco Meraki version 2.2.0 and higher, including the following:</td><td class="advisory-td" label="Solution">Upgrade Splunk Add-on for Cisco Meraki versions 2.2.0 or higher.</td><td class="advisory-td" label="Mitigations">None</td><td class="advisory-td" label="Severity Summary">For the CVEs in this list, Splunk adopted one of the following ratings:<br>- Where applicable, the severity rating that the vendor published, or<br>- The national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating, otherwise.</td><td class="advisory-td" label="OSS"> CVE-2024-3651 - idna - Upgraded to 3.8 - High - <br /> CVE-2024-37891 - urllib3 - Upgraded to 1.26.20 - Medium - <br /> CVE-2024-34062 - tqdm - Removed - Medium - <br /> CVE-2024-39689 - certifi - Upgraded to 2024.8.30 - High - <br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1014">SVD-2024-1014</a></td><td label="Published" class="advisory-td">2024-10-30</td><td label="Modified" class="advisory-td">2024-10-30</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1014">Third-Party Package Updates in the Splunk Add-on for Google Cloud Platform - October 2024</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector"></td><td class="advisory-td" label="CVSS Score"></td><td class="advisory-td" label="CWE"></td><td class="advisory-td" label="Bug"></td><td class="advisory-td" label="Affected Product"> Splunk Add-on for Google Cloud Platform 4.7<br /></td><td class="advisory-td" label="Fixed Versions"> 4.7.0<br /></td><td class="advisory-td" label="Affected Versions"> Below 4.7.0<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>4.7.0</span><br /></td><td class="advisory-td" label="Affected Components"> <br /></td><td class="advisory-td" label="Description">Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in the Splunk Add-on for Google Cloud Platform versions 4.7.0 and higher, including the following:</td><td class="advisory-td" label="Solution">Upgrade the Splunk Add-on for Google Cloud Platform to version 4.7.0 or higher.</td><td class="advisory-td" label="Mitigations">None</td><td class="advisory-td" label="Severity Summary">For the CVEs in this list, Splunk adopted one of the following ratings:<br>- Where applicable, the severity rating that the vendor published, or<br>- The national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating, otherwise.</td><td class="advisory-td" label="OSS"> CVE-2024-37891 - urllib3 - Upgraded to 1.26.19 - Medium - <br /> CVE-2024-39689 - certifi - Upgraded to 2024.7.4 - High - <br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1013">SVD-2024-1013</a></td><td label="Published" class="advisory-td">2024-10-17</td><td label="Modified" class="advisory-td">2024-10-17</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1013">Third-Party Package Updates in Splunk Add-on for Office 365 - October 2024</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector"></td><td class="advisory-td" label="CVSS Score"></td><td class="advisory-td" label="CWE"></td><td class="advisory-td" label="Bug"></td><td class="advisory-td" label="Affected Product"> Splunk Add-on for Office 365 4.5.2<br /></td><td class="advisory-td" label="Fixed Versions"> 4.5.2<br /></td><td class="advisory-td" label="Affected Versions"> Below 4.5.2<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>4.5.2</span><br /></td><td class="advisory-td" label="Affected Components"> <br /></td><td class="advisory-td" label="Description">Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Add-on for Office 365 versions 4.5.2 and higher, including the following:</td><td class="advisory-td" label="Solution">Upgrade Splunk Add-on for Office 365 versions 4.5.2 or higher.</td><td class="advisory-td" label="Mitigations">None</td><td class="advisory-td" label="Severity Summary">For the CVEs in this list, Splunk adopted one of the following ratings:<br> - Where applicable, the severity rating that the vendor published, or<br> - The national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating, otherwise.</td><td class="advisory-td" label="OSS"> CVE-2024-3651 - idna - Upgraded to 3.7 - High - <br /> CVE-2024-37891 - urllib3 - Upgraded to 1.26.19 - Medium - <br /> CVE-2024-39689 - certifi - Upgraded to 2024.7.4 - High - <br /> CVE-2023-32681 - requests - Upgraded to 2.31.0 - Medium - <br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1012">SVD-2024-1012</a></td><td label="Published" class="advisory-td">2024-10-14</td><td label="Modified" class="advisory-td">2024-10-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1012">Third-Party Package Updates in Splunk Enterprise - October 2024</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.3<br /> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /></td><td class="advisory-td" label="Fixed Versions"> 9.3.1<br /> 9.2.3<br /> 9.1.6<br /></td><td class="advisory-td" label="Affected Versions"> 9.3.0<br /> 9.2.0 to 9.2.2<br /> 9.1.0 to 9.1.5<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.3.1</span><br /> <span>9.2.3</span><br /> <span>9.1.6</span><br /></td><td class="advisory-td" label="Affected Components"> <br /> <br /> <br /></td><td class="advisory-td" label="Description">Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Enterprise versions 9.3.1, 9.2.3, 9.1.6, and higher, including the following:</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.3.1, 9.2.3, 9.1.6, or higher.</td><td class="advisory-td" label="Mitigations">None</td><td class="advisory-td" label="Severity Summary">For the CVEs in this list, Splunk adopted one of the following ratings:<br>&nbsp;&nbsp;&nbsp;- Where applicable, the severity rating that the vendor published, or<br>&nbsp;&nbsp;&nbsp;- The national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating, otherwise.</td><td class="advisory-td" label="OSS"> CVE-2023-45803 - urllib3 - Upgraded to 1.26.19 - Medium - <br /> CVE-2023-43804 - urllib3 - Upgraded to 1.26.19 - Medium - <br /> CVE-2024-37891 - urllib3 - Upgraded to 1.26.19 - Medium - <br /> CVE-2024-35195 - requests - Upgraded to 1.32.3 - Medium - Upgrade requests in $SPLUNK_HOME/lib/python3.9/site-packages/ in 9.3.1<br /> CVE-2024-35195 - requests - Applied patch to 2.31.0 - Medium - Applied the patch for CVE-2024-35195 to requests 2.31.0 in $SPLUNK_HOME/lib/python3.7/site-packages/<br /> CVE-2022-42969 - py - Removed - Medium - Splunk removed pypi:py from the splunk-rolling-upgrade app in 9.3.0, 9.2.3, and 9.1.6<br /> Multiple - OpenLDAP - Upgraded to 2.4.59 - Multiple - Upgraded OpenLDAP in splunkd to remedy CVE-2020-12243, CVE-2020-15719, CVE-2020-25692, CVE-2020-36222, CVE-2020-36223, CVE-2020-36221, CVE-2020-36224, CVE-2020-36225, CVE-2020-36229, CVE-2020-36226, CVE-2020-36227, CVE-2020-36228, CVE-2020-36230, CVE-2021-27212, CVE-2017-14159, CVE-2017-17740, CVE-2019-13057, and CVE-2019-13565.<br /> CVE-2022-29155 - OpenLDAP - Applied patch to 2.4.59 - Informational - <br /> CVE-2023-2953 - OpenLDAP - Applied patch to 2.4.59 - High - <br /> CVE-2015-3276 - OpenLDAP - Applied patch to 2.4.59 - High - <br /> CVE-2024-28180 - go-jose.v2 - Upgrade to 2.6.3 - Medium - Upgraded in $SPLUNK_HOME/bin/compsup, $SPLUNK_HOME/etc/apps/splunk_assist/bin/linux_x86_64/assistsup and $SPLUNK_HOME/etc/apps/splunk_assist/bin/windows_x86_64/assistsup.exe<br /> Multiple - golang.org/x/net - Upgraded to 0.23.0 - Multiple - Upgraded in $SPLUNK_HOME/bin/compsup, $SPLUNK_HOME/etc/apps/splunk_assist/bin/linux_x86_64/assistsup and $SPLUNK_HOME/etc/apps/splunk_assist/bin/windows_x86_64/assistsup.exe to remedy CVE-2023-45288, CVE-2023-44487, and CVE-2023-39325<br /> CVE-2024-24786 - google.golang.org/protobuf - Upgraded to 1.34.1 - Informational - Upgraded in $SPLUNK_HOME/bin/compsup, $SPLUNK_HOME/etc/apps/splunk_assist/bin/linux_x86_64/assistsup and $SPLUNK_HOME/etc/apps/splunk_assist/bin/windows_x86_64/assistsup.exe<br /> CVE-2023-44487 - google.golang.org/grpc - Upgrade to 1.62.1 - High - Upgraded in $SPLUNK_HOME/etc/apps/splunk_assist/bin/linux_x86_64/assistsup and $SPLUNK_HOME/etc/apps/splunk_assist/bin/windows_x86_64/assistsup.exe<br /> CVE-2023-48795 - golang.org/x/crypto - Upgrade to 0.23.0 - Medium - Upgraded in $SPLUNK_HOME/bin/mongodump and $SPLUNK_HOME/bin/mongorestore<br /> CVE-2023-48795 - golang.org/x/crypto - Upgrade to 0.21.0 - Medium - Upgraded in $SPLUNK_HOME/bin/compsup. The compsup binary is not present in 9.1 versions.<br /> CVE-2023-47108 - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc - 0.49.0 - High - Upgraded in $SPLUNK_HOME/bin/compsup. The compsup binary is not present in 9.1 versions.<br /> CVE-2023-45142 - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp - 0.49.0 - High - Upgraded in $SPLUNK_HOME/bin/compsup. The compsup binary is not present in 9.1 versions.<br /> CVE-2024-24557 - github.com/docker/docker - Upgraded to 26.0.0 - Medium - Upgraded in $SPLUNK_HOME/bin/compsup. The compsup binary is not present in 9.1 versions.<br /> Multiple - golang - Upgraded golang in assistsup to 1.22.4 - Multiple - Upgraded $SPLUNK_HOME/etc/apps/splunk_assist/bin/linux_x86_64/assistsup and $SPLUNK_HOME/etc/apps/splunk_assist/bin/windows_x86_64/assistsup.exe from 1.22.1 to 1.22.4 to remedy CVE-2024-24790 and CVE-2023-45288.<br /> Multiple - golang - Upgraded golang in compsup to 1.22.4 - Multiple - Upgraded $SPLUNK_HOME/bin/compsup from 1.22.1 to 1.22.4 to remedy CVE-2024-24790 and CVE-2023-45288<br /> Multiple - golang - Upgraded golang mongodump and mongorestore to 1.22.4 - Multiple - Upgraded $SPLUNK_HOME/bin/mongodump and $SPLUNK_HOME/bin/mongorestore from 1.20.10 to 1.22.4 to remedy CVE-2023-45288, CVE-2023-39318, CVE-2023-45285, CVE-2023-45284, CVE-2023-45283, CVE-2023-39326, CVE-2023-39319, and CVE-2024-24790<br /> Multiple - golang - Removed spl2-orchestrator binary - Multiple - Splunk Enterprise 9.2.3 removed the $SPLUNK_HOME/bin/spl2-orchestrator binary to remedy CVE-2023-26125, CVE-2023-29401, CVE-2023-39325, CVE-2023-3978, CVE-2023-44487, CVE-2023-45288, CVE-2023-44487, CVE-2023-48795, CVE-2023-50658, CVE-2024-24786, CVE-2024-28180, CVE-2024-24790, CVE-2023-45288, CVE-2023-45285, CVE-2023-45284, CVE-2023-45283, CVE-2023-39326, CVE-2023-39323, CVE-2023-39322, CVE-2023-39321, CVE-2023-39320, CVE-2023-39319, and CVE-2023-39318. The spl2-orchestrator binary was present in versions 9.2.0 through 9.2.2.<br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1011">SVD-2024-1011</a></td><td label="Published" class="advisory-td">2024-10-14</td><td label="Modified" class="advisory-td">2024-10-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1011">Persistent Cross-Site Scripting (XSS) via props.conf on Splunk Enterprise</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-45741">CVE-2024-45741</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N</td><td class="advisory-td" label="CVSS Score">5.4</td><td class="advisory-td" label="CWE">CWE-79</td><td class="advisory-td" label="Bug">VULN-17034</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.3<br /> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /> Splunk Cloud Platform 9.2.2403<br /> Splunk Cloud Platform 9.1.2312<br /></td><td class="advisory-td" label="Fixed Versions"> 9.3.0<br /> 9.2.3<br /> 9.1.6<br /> 9.2.2403.108<br /> 9.1.2312.205<br /></td><td class="advisory-td" label="Affected Versions"> Not affected<br /> 9.2.0 to 9.2.2<br /> 9.1.0 to 9.1.5<br /> 9.2.2403.100 to 9.2.2403.107<br /> Below 9.1.2312.205<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.3.0</span><br /> <span>9.2.3</span><br /> <span>9.1.6</span><br /> <span>9.2.2403.108</span><br /> <span>9.1.2312.205</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" parameter from the "/manager/search/apps/local" endpoint in Splunk Web calls. This could result in execution of unauthorized JavaScript code in the browser of a user.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.3.0, 9.2.3, 9.1.6, or higher.<br><br>Splunk is actively monitoring and patching Splunk Cloud Platform instances.</td><td class="advisory-td" label="Mitigations">The vulnerability affects instances with [Splunk Web](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) enabled, turning Splunk Web off is a possible workaround. See [Disable unnecessary Splunk Enterprise components](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) and the [web.conf](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf) configuration specification file for more information on disabling Splunk Web.</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as 5.4, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N.<br><br>If the Splunk Enterprise instance does not run Splunk Web, there should be no impact and the severity would be informational.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Danylo Dmytriiev (DDV_UA)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1010">SVD-2024-1010</a></td><td label="Published" class="advisory-td">2024-10-14</td><td label="Modified" class="advisory-td">2024-10-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1010">Persistent Cross-Site Scripting (XSS) through Scheduled Views on Splunk Enterprise</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-45740">CVE-2024-45740</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N</td><td class="advisory-td" label="CVSS Score">5.4</td><td class="advisory-td" label="CWE">CWE-79</td><td class="advisory-td" label="Bug">VULN-16899</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.3<br /> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /> Splunk Cloud Platform 9.2.2403<br /></td><td class="advisory-td" label="Fixed Versions"> 9.3.0<br /> 9.2.3<br /> 9.1.6<br /> 9.2.2403.100<br /></td><td class="advisory-td" label="Affected Versions"> Not affected<br /> 9.2.0 to 9.2.2<br /> 9.1.0 to 9.1.5<br /> Below 9.2.2403<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.3.0</span><br /> <span>9.2.3</span><br /> <span>9.1.6</span><br /> <span>9.2.2403.100</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript code in the browser of a user.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.3.0, 9.2.3, 9.1.6, or higher.<br><br>Splunk is actively monitoring and patching Splunk Cloud Platform instances.</td><td class="advisory-td" label="Mitigations">The vulnerability affects instances with [Splunk Web](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) enabled, turning Splunk Web off is a possible workaround. See [Disable unnecessary Splunk Enterprise components](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) and the [web.conf](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf) configuration specification file for more information on disabling Splunk Web.</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as 5.4, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N.<br><br>If the Splunk Enterprise instance does not run Splunk Web, there should be no impact and the severity would be informational.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Danylo Dmytriiev (DDV_UA)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1009">SVD-2024-1009</a></td><td label="Published" class="advisory-td">2024-10-14</td><td label="Modified" class="advisory-td">2024-10-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1009">Sensitive information disclosure in AdminManager logging channel</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-45739">CVE-2024-45739</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N</td><td class="advisory-td" label="CVSS Score">4.9</td><td class="advisory-td" label="CWE">CWE-200</td><td class="advisory-td" label="Bug">VULN-15407</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.3<br /> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /></td><td class="advisory-td" label="Fixed Versions"> 9.3.1<br /> 9.2.3<br /> 9.1.6<br /></td><td class="advisory-td" label="Affected Versions"> 9.3.0<br /> 9.2.0 to 9.2.2<br /> 9.1.0 to 9.1.5<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.3.1</span><br /> <span>9.2.3</span><br /> <span>9.1.6</span><br /></td><td class="advisory-td" label="Affected Components"> splunkd<br /> splunkd<br /> splunkd<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise `AdminManager` log channel at the DEBUG logging level.<br><br>The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives. Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities) in the Splunk documentation for more information.</td><td class="advisory-td" label="Solution">There are multiple solutions depending on how you have configured the Splunk Enterprise instance `AdminManager` log channel.<br><br>First, determine whether or not debug logging is on for the `AdminManager` log channel. You must log into the Splunk Enterprise instance as an admin user or equivalent to perform these actions. To determine the logging level for this log channel on the instance:<br>&nbsp;&nbsp;&nbsp;1. In a web browser, visit the Server Logging Settings page in Splunk Web at `/en-US/manager/system/server/logger`.<br>&nbsp;&nbsp;&nbsp;2. Review the Logging Level column on the page that loads. If the `AdminManager` row in this column shows DEBUG as the logging level, then the Splunk Enterprise `AdminManager` log channel is in debug mode. Otherwise, it is not in debug mode.<br>See [Enable debug logging](https://docs.splunk.com/Documentation/Splunk/latest/Troubleshooting/Enabledebuglogging) for more information.<br><br>If the previous steps determine that debug logging is enabled in that log channel, then remedy the problem by performing the following tasks:<br>&nbsp;&nbsp;&nbsp;1. Upgrade Splunk Enterprise to versions 9.3.1, 9.2.3, 9.1.6, or higher.<br>&nbsp;&nbsp;&nbsp;2. Delete the following log file on the Splunk Enterprise instance: `$SPLUNK_HOME/var/log/splunk/splunkd.log`<br>&nbsp;&nbsp;&nbsp;3. Delete all the Splunk Enterprise log file events for the `AdminManager` component from the `_internal` index by running the following search command:<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`index=_internal component=AdminManager | delete`</td><td class="advisory-td" label="Mitigations">If it isn’t currently possible to upgrade to a fixed version of Splunk Enterprise, you can remedy the vulnerability by doing the following:<br>&nbsp;&nbsp;&nbsp;1. Configure the `AdminManager` log channel to a logging level that is less verbose than DEBUG.<br>&nbsp;&nbsp;&nbsp;2. Delete the following log file on the Splunk Enterprise instance: `$SPLUNK_HOME/var/log/splunk/splunkd.log`<br>&nbsp;&nbsp;&nbsp;3. Delete all the Splunk Enterprise log file events for `AdminManager` component from the `_internal` index by running the following search command:<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`index=_internal component=AdminManager | delete`</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as a 4.9, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Eric McGinnis, Splunk<br /> Rod Soto, Splunk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1008">SVD-2024-1008</a></td><td label="Published" class="advisory-td">2024-10-14</td><td label="Modified" class="advisory-td">2024-10-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1008">Sensitive information disclosure in REST_Calls logging channel</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-45738">CVE-2024-45738</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N</td><td class="advisory-td" label="CVSS Score">4.9</td><td class="advisory-td" label="CWE">CWE-200</td><td class="advisory-td" label="Bug">VULN-15407</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.3<br /> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /></td><td class="advisory-td" label="Fixed Versions"> 9.3.1<br /> 9.2.3<br /> 9.1.6<br /></td><td class="advisory-td" label="Affected Versions"> 9.3.0<br /> 9.2.0 to 9.2.2<br /> 9.1.0 to 9.1.5<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.3.1</span><br /> <span>9.2.3</span><br /> <span>9.1.6</span><br /></td><td class="advisory-td" label="Affected Components"> splunkd<br /> splunkd<br /> splunkd<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG logging level.<br><br>The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives. Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities) in the Splunk documentation for more information.</td><td class="advisory-td" label="Solution">There are multiple solutions depending on how you have configured the Splunk Enterprise instance `REST_Calls` log channel.<br><br>First, determine whether or not debug logging is on for the `REST_Calls` log channel. You must log into the Splunk Enterprise instance as an admin user or equivalent to perform these actions.To determine the log channel logging mode on the instance:<br>&nbsp;&nbsp;&nbsp;1. In a web browser, visit the Server Logging Settings page in Splunk Web at `/en-US/manager/system/server/logger`.<br>&nbsp;&nbsp;&nbsp;2. Review the Logging Level column on the page that loads. If the `REST_Calls` row in this column shows DEBUG as the logging level, then the Splunk Enterprise REST_Call log channel is in debug mode. Otherwise, it is not in debug mode.<br>See [Enable debug logging](https://docs.splunk.com/Documentation/Splunk/latest/Troubleshooting/Enabledebuglogging) for more information.<br><br>If the previous steps determine that debug logging is enabled in that log channel, then remedy the problem by performing the following tasks:<br>&nbsp;&nbsp;&nbsp;1. Upgrade Splunk Enterprise to versions 9.3.1, 9.2.3, 9.1.6, or higher.<br>&nbsp;&nbsp;&nbsp;2. Delete the following log file on the Splunk Enterprise instance: `$SPLUNK_HOME/var/log/splunk/splunkd.log`<br>&nbsp;&nbsp;&nbsp;3. Delete all the Splunk Enterprise log file events for the `REST_Calls` component from the `_internal` index by running the following search command:<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`index=_internal component=REST_Calls | delete`</td><td class="advisory-td" label="Mitigations">If it isn’t currently possible to upgrade to a fixed version of Splunk Enterprise, you can remedy the vulnerability by doing the following:<br>&nbsp;&nbsp;&nbsp;1. Configure the `REST_Calls` log channel to a logging level that is less verbose than DEBUG.<br>&nbsp;&nbsp;&nbsp;2. Delete the following log file on the Splunk Enterprise instance: `$SPLUNK_HOME/var/log/splunk/splunkd.log`<br>&nbsp;&nbsp;&nbsp;3. Delete all of the Splunk Enterprise log file events for the `REST_Calls` component from the `_internal` index by running the following search command:<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`index=_internal component=REST_Calls | delete`</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as a 4.9, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Eric McGinnis, Splunk<br /> Rod Soto, Splunk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1007">SVD-2024-1007</a></td><td label="Published" class="advisory-td">2024-10-14</td><td label="Modified" class="advisory-td">2024-10-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1007">Maintenance mode state change of App Key Value Store (KVStore) through Cross-Site Request Forgery (CSRF)</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-45737">CVE-2024-45737</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L</td><td class="advisory-td" label="CVSS Score">4.3</td><td class="advisory-td" label="CWE">CWE-352</td><td class="advisory-td" label="Bug">VULN-15375</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.3<br /> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /> Splunk Cloud Platform 9.2.2403<br /> Splunk Cloud Platform 9.1.2312<br /></td><td class="advisory-td" label="Fixed Versions"> 9.3.1<br /> 9.2.3<br /> 9.1.6<br /> 9.2.2403.108<br /> 9.1.2312.204<br /></td><td class="advisory-td" label="Affected Versions"> 9.3.0<br /> 9.2.0 to 9.2.2<br /> 9.1.0 to 9.1.5<br /> 9.2.2403.102 to 9.2.2403.107<br /> Below 9.1.2312.204<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.3.1</span><br /> <span>9.2.3</span><br /> <span>9.1.6</span><br /> <span>9.2.2403.108</span><br /> <span>9.1.2312.204</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF).</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.3.1, 9.2.3, 9.1.6, or higher.<br><br>Splunk is actively monitoring and patching Splunk Cloud Platform instances.</td><td class="advisory-td" label="Mitigations">The vulnerability affects instances with [Splunk Web](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) turned on. You could turn Splunk Web off as a possible workaround. See [Disable unnecessary Splunk Enterprise components](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) and the [web.conf](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf) configuration specification file for more information on turning Splunk Web off.</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as a 4.3, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L. <br><br>If the Splunk Enterprise instance does not run Splunk Web, there should be no impact and the severity would be informational.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Anton (therceman)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1006">SVD-2024-1006</a></td><td label="Published" class="advisory-td">2024-10-14</td><td label="Modified" class="advisory-td">2024-10-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1006">Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-45736">CVE-2024-45736</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</td><td class="advisory-td" label="CVSS Score">6.5</td><td class="advisory-td" label="CWE">CWE-400</td><td class="advisory-td" label="Bug">VULN-16989</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.3<br /> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /> Splunk Cloud Platform 9.2.2403<br /> Splunk Cloud Platform 9.1.2312<br /> Splunk Cloud Platform 9.1.2312<br /></td><td class="advisory-td" label="Fixed Versions"> 9.3.1<br /> 9.2.3<br /> 9.1.6<br /> 9.2.2403.107<br /> 9.1.2312.204<br /> 9.1.2312.111<br /></td><td class="advisory-td" label="Affected Versions"> 9.3.0<br /> 9.2.0 to 9.2.2<br /> 9.1.0 to 9.1.5<br /> 9.2.2403.100 to 9.2.2403.106<br /> 9.1.2312.200 to 9.1.2312.203<br /> Below 9.1.2312.111<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.3.1</span><br /> <span>9.2.3</span><br /> <span>9.1.6</span><br /> <span>9.2.2403.107</span><br /> <span>9.1.2312.204</span><br /> <span>9.1.2312.111</span><br /></td><td class="advisory-td" label="Affected Components"> splunkd<br /> splunkd<br /> splunkd<br /> splunkd<br /> splunkd<br /> splunkd<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly-formatted "INGEST_EVAL" parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd).</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.3.1, 9.2.3, 9.1.6, or higher.<br><br>Splunk is actively monitoring and patching Splunk Cloud Platform instances.</td><td class="advisory-td" label="Mitigations">None</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as 6.5, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Danylo Dmytriiev (DDV_UA)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1005">SVD-2024-1005</a></td><td label="Published" class="advisory-td">2024-10-14</td><td label="Modified" class="advisory-td">2024-10-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1005">Improper Access Control for low-privileged user in Splunk Secure Gateway App</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-45735">CVE-2024-45735</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N</td><td class="advisory-td" label="CVSS Score">4.3</td><td class="advisory-td" label="CWE">CWE-284</td><td class="advisory-td" label="Bug">VULN-12960</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.3<br /> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /> Splunk Secure Gateway 3.7<br /> Splunk Secure Gateway 3.6<br /> Splunk Secure Gateway 3.4<br /></td><td class="advisory-td" label="Fixed Versions"> 9.3.0<br /> 9.2.3<br /> 9.1.6<br /> 3.7.0<br /> 3.6.17<br /> 3.4.259<br /></td><td class="advisory-td" label="Affected Versions"> Not affected<br /> 9.2.0 to 9.2.2<br /> 9.1.0 to 9.1.5<br /> Not affected<br /> 3.6.0 to 3.6.16<br /> Below 3.4.259<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.3.0</span><br /> <span>9.2.3</span><br /> <span>9.1.6</span><br /> <span>3.7.0</span><br /> <span>3.6.17</span><br /> <span>3.4.259</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Secure Gateway<br /> Splunk Secure Gateway<br /> Splunk Secure Gateway<br /> <br /> <br /> <br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway App.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.3.0, 9.2.3, 9.1.6 or higher.<br><br>Splunk is actively monitoring Splunk Cloud Platform instances and upgrading Splunk Secure Gateway.</td><td class="advisory-td" label="Mitigations">Splunk Mobile, Spacebridge, and Mission Control rely on functionality in $SPLUNK_HOME/etc/apps/splunk_secure_gateway. If you do not use any of the apps, features, or functionality, as a potential mitigation, you may remove or disable the app. See [Manage app and add-on objects](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Managingappobjects).</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as a 4.3, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Gabriel Nitu, Splunk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1004">SVD-2024-1004</a></td><td label="Published" class="advisory-td">2024-10-14</td><td label="Modified" class="advisory-td">2024-10-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1004">Low Privilege User can View Images on the Host Machine by using the PDF Export feature in Splunk Classic Dashboard</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-45734">CVE-2024-45734</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N</td><td class="advisory-td" label="CVSS Score">4.3</td><td class="advisory-td" label="CWE">CWE-284</td><td class="advisory-td" label="Bug">VULN-16371</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.3<br /> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /></td><td class="advisory-td" label="Fixed Versions"> 9.3.0<br /> 9.2.3<br /> 9.1.6<br /></td><td class="advisory-td" label="Affected Versions"> Not affected<br /> 9.2.0 to 9.2.2<br /> 9.1.0 to 9.1.5<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.3.0</span><br /> <span>9.2.3</span><br /> <span>9.1.6</span><br /></td><td class="advisory-td" label="Affected Components"> pdfgen<br /> pdfgen<br /> pdfgen<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboards. The images on the machine could be exposed by exporting the dashboard as a PDF, using the local image path in the img tag in the source extensible markup language (XML) code for the Splunk classic dashboard.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.3.1, 9.2.3, 9.1.6 or higher.</td><td class="advisory-td" label="Mitigations">The vulnerability affects instances with [Splunk Web](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) turned on. You could turn Splunk Web off as a possible workaround. See [Disable unnecessary Splunk Enterprise components](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) and the[ web.conf](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf) configuration specification file for more information on turning Splunk Web off.</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as 4.3, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. <br>If the machine where Splunk Enterprise is installed does not contain directories with images in them, then there should be no impact and the severity would be Informational.<br><br>If the Splunk Enterprise instance does not run Splunk Web, then there should be no impact and the severity would be informational.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Anton (therceman)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1003">SVD-2024-1003</a></td><td label="Published" class="advisory-td">2024-10-14</td><td label="Modified" class="advisory-td">2024-10-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1003">Remote Code Execution (RCE) due to insecure session storage configuration in Splunk Enterprise on Windows</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-45733">CVE-2024-45733</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">8.8</td><td class="advisory-td" label="CWE">CWE-502</td><td class="advisory-td" label="Bug">VULN-16990</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.3<br /> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /></td><td class="advisory-td" label="Fixed Versions"> 9.3.0<br /> 9.2.3<br /> 9.1.6<br /></td><td class="advisory-td" label="Affected Versions"> Not affected<br /> 9.2.0 to 9.2.2<br /> 9.1.0 to 9.1.5<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.3.0</span><br /> <span>9.2.3</span><br /> <span>9.1.6</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to insecure session storage configuration.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.3.0, 9.2.3, and 9.1.6, or higher.</td><td class="advisory-td" label="Mitigations">If users do not log in to Splunk Web on indexers in a distributed environment, disable Splunk Web on those indexers. See [Disable unnecessary Splunk Enterprise components](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) and the [web.conf configuration specification](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf) file in the Splunk documentation for more information on disabling Splunk Web.</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as 8.8, High, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. <br><br>If the Splunk Enterprise instance does not run on Windows, there should be no impact and the severity would be Informational.<br><br>If the Splunk Enterprise instance does not run Splunk Web, there should be no impact and the severity would be Informational.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Alex Hordijk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1002">SVD-2024-1002</a></td><td label="Published" class="advisory-td">2024-10-14</td><td label="Modified" class="advisory-td">2024-10-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1002">Low-privileged user could run search as nobody in SplunkDeploymentServerConfig app</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-45732">CVE-2024-45732</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N</td><td class="advisory-td" label="CVSS Score">7.1</td><td class="advisory-td" label="CWE">CWE-862</td><td class="advisory-td" label="Bug">VULN-14891</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.3<br /> Splunk Enterprise 9.2<br /> Splunk Cloud Platform 9.2.2403<br /> Splunk Cloud Platform 9.1.2312<br /> Splunk Cloud Platform 9.1.2308<br /></td><td class="advisory-td" label="Fixed Versions"> 9.3.1<br /> 9.2.3<br /> 9.2.2403.103<br /> 9.1.2312.110, 9.1.2312.200<br /> 9.1.2308.208<br /></td><td class="advisory-td" label="Affected Versions"> 9.3.0<br /> 9.2.0 to 9.2.2<br /> 9.2.2403.102 to 9.2.2403.102<br /> 9.1.2312.100 to 9.1.2312.109<br /> Below 9.1.2308.207<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.3.1</span><br /> <span>9.2.3</span><br /> <span>9.2.2403.103</span><br /> <span>9.1.2312.110, 9.1.2312.200</span><br /> <span>9.1.2308.208</span><br /></td><td class="advisory-td" label="Affected Components"> SplunkDeploymentServerConfig<br /> SplunkDeploymentServerConfig<br /> SplunkDeploymentServerConfig<br /> SplunkDeploymentServerConfig<br /> SplunkDeploymentServerConfig<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a search as the "nobody" Splunk user in the SplunkDeploymentServerConfig app. This could let the low-privileged user access potentially restricted data.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.3.1, 9.2.3 or higher. Splunk Enterprise 9.1 versions and below are not affected.<br>Splunk is actively monitoring and patching Splunk Cloud Platform instances.</td><td class="advisory-td" label="Mitigations">You can modify the local.meta file in the `$SPLUNK_HOME/etc/apps/SplunkDeploymentServerConfig/metadata `directory to restrict write access to knowledge objects within Splunk apps.<br>Use the following metadata settings in each file to restrict access:<br>&nbsp;&nbsp;&nbsp;`[]`<br>&nbsp;&nbsp;&nbsp;`access = read : [ * ], write : [ admin ]`<br><br>To apply the same restrictions to other apps by default, you may add the same configuration to the local.meta file in the `$SPLUNK_HOME/etc/apps/<app name>/metadata` directory. <br><br>The vulnerability affects instances with [Splunk Web](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) enabled, turning Splunk Web off is a possible workaround. See [Disable unnecessary Splunk Enterprise components](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) and the [web.conf](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf) configuration specification file for more information on disabling Splunk Web.</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as a 7.1, High, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N. <br><br>If the local.meta file in the app directory has the proper metadata settings, there should be no impact and the severity would be Informational.<br><br>If the Splunk Enterprise instance does not run Splunk Web, there should be no impact and the severity would be informational.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Anton (therceman)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1001">SVD-2024-1001</a></td><td label="Published" class="advisory-td">2024-10-14</td><td label="Modified" class="advisory-td">2024-10-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-1001">Potential Remote Command Execution (RCE) through arbitrary file write to Windows system root directory when Splunk Enterprise for Windows is installed on a separate disk</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-45731">CVE-2024-45731</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">8.0</td><td class="advisory-td" label="CWE">CWE-23</td><td class="advisory-td" label="Bug">VULN-16991</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.3<br /> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /></td><td class="advisory-td" label="Fixed Versions"> 9.3.1<br /> 9.2.3<br /> 9.1.6<br /></td><td class="advisory-td" label="Affected Versions"> 9.3.0<br /> 9.2.0 to 9.2.2<br /> 9.1.0 to 9.1.5<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.3.1</span><br /> <span>9.2.3</span><br /> <span>9.1.6</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for Windows is installed on a separate drive. The user could potentially write a malicious DLL which, if loaded, could result in a remote execution of the code within that DLL.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.3.1, 9.2.3, and 9.1.6, or higher.</td><td class="advisory-td" label="Mitigations">See [Installation on Windows](https://docs.splunk.com/Documentation/Splunk/latest/Installation/InstallonWindows) for more information on how to install Splunk Enterprise.</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as 8.0, High, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H. <br><br>If the Splunk Enterprise instance is not installed on a separate disk, there is no impact and the severity would be informational.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Alex Hordijk (hordalex)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0901">SVD-2024-0901</a></td><td label="Published" class="advisory-td">2024-09-30</td><td label="Modified" class="advisory-td">2024-09-30</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0901">Third-Party Package Updates in Splunk Add-on for Amazon Web Services - September 2024</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">NA</td><td class="advisory-td" label="CVSS Score">0.0</td><td class="advisory-td" label="CWE">NA</td><td class="advisory-td" label="Bug">NA</td><td class="advisory-td" label="Affected Product"> Splunk Add-on for Amazon Web Services 7.7<br /></td><td class="advisory-td" label="Fixed Versions"> 7.7.0<br /></td><td class="advisory-td" label="Affected Versions"> Below 7.7.0<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>7.7.0</span><br /></td><td class="advisory-td" label="Affected Components"> <br /></td><td class="advisory-td" label="Description">Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Add-on for Amazon Web Services versions 7.7.0 and higher, including the following:</td><td class="advisory-td" label="Solution">Upgrade Splunk Add-on for Amazon Web Services to versions 7.7.0 or higher.</td><td class="advisory-td" label="Mitigations">None</td><td class="advisory-td" label="Severity Summary">For the CVEs in this list, Splunk adopted one of the following ratings:<br> - Where applicable, the severity rating that the vendor published, or<br> - The national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating, otherwise.</td><td class="advisory-td" label="OSS"> CVE-2024-3651 - idna - Upgraded to 3.7 - High - <br /> CVE-2024-37891 - urllib3 - Upgraded to 1.26.19 - Medium - <br /> CVE-2023-39326 - golang - Upgraded golang to 1.22.5 - Medium - Upgraded parquet_decoder_darwin_amd64, parquet_decoder_linux_amd64, and parquet_decoder_windows_amd64.exe in Splunk_TA_aws/bin/aws_parquet/ from 1.19.8 to 1.22.5.<br /> CVE-2024-39689 - certifi - Upgraded to 2024.7.4 - High - <br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0801">SVD-2024-0801</a></td><td label="Published" class="advisory-td">2024-08-12</td><td label="Modified" class="advisory-td">2024-08-12</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0801">Third-Party Package Updates in Python for Scientific Computing - August 2024</a></td><td label="Severity" class="advisory-td">Critical</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector"></td><td class="advisory-td" label="CVSS Score"></td><td class="advisory-td" label="CWE"></td><td class="advisory-td" label="Bug">VULN-16988</td><td class="advisory-td" label="Affected Product"> Python for Scientific Computing (for Linux 64-bit) 4.2<br /> Python for Scientific Computing (for Mac Apple Silicon) 4.2<br /> Python for Scientific Computing (for Mac Intel) 4.2<br /> Python for Scientific Computing (for Windows 64-bit) 4.2<br /></td><td class="advisory-td" label="Fixed Versions"> 4.2.1<br /> 4.2.1<br /> 4.2.1<br /> 4.2.1<br /></td><td class="advisory-td" label="Affected Versions"> 4.2.0<br /> 4.2.0<br /> 4.2.0<br /> 4.2.0<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>4.2.1</span><br /> <span>4.2.1</span><br /> <span>4.2.1</span><br /> <span>4.2.1</span><br /></td><td class="advisory-td" label="Affected Components"> <br /> <br /> <br /> <br /></td><td class="advisory-td" label="Description">Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Python for Scientific Computing version 4.2.1 including the following:</td><td class="advisory-td" label="Solution">Upgrade Python for Scientific Computing (PSC) to version 4.2.1 or higher. <br><br>For Splunk Machine Learning Toolkit (MLTK), upgrading PSC to 4.2.1 requires updating MLTK to 5.4.2 or higher. Upgrading MLTK to 5.4.2 may require retraining models. See [Upgrade the Splunk Machine Learning Toolkit](https://docs.splunk.com/Documentation/MLApp/latest/User/Upgrade) for help upgrading and [Install the Splunk Machine Learning Toolkit](https://docs.splunk.com/Documentation/MLApp/latest/User/Installandconfigure) for more information on the version compatibility.<br><br>For Splunk IT Service Intelligence (ITSI), upgrading PSC to 4.2.1 may cause errors with ITSI Predictive Analytics. After upgrading, ITSI Predictive Analytics models may require retraining. See [Retrain a predictive model in ITSI](https://docs.splunk.com/Documentation/ITSI/latest/SI/ManageModel) for more information.</td><td class="advisory-td" label="Mitigations">None</td><td class="advisory-td" label="Severity Summary">For the CVEs in this list, Splunk adopted the vendor's severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.</td><td class="advisory-td" label="OSS"> CVE-2024-3651 - idna - Upgraded to 3.7 - Medium - <br /> CVE-2020-28473 - bottle - Upgraded to 0.12.23 - Medium - <br /> CVE-2022-31799 - bottle - Upgraded to 0.12.23 - Critical - <br /> CVE-2022-40899 - future - Upgraded to 0.18.3 - High - <br /> CVE-2023-25399 - scipy - Upgraded to 1.10.0 - Medium - <br /> CVE-2024-3772 - pydantic - Upgraded to 1.10.13 - Medium - <br /> CVE-2022-25882 - onnx - Upgraded to 1.16.0 - High - <br /> CVE-2024-27318 - onnx - Upgraded to 1.16.0 - High - <br /> CVE-2024-27319 - onnx - Upgraded to 1.16.0 - Medium - <br /> CVE-2021-34141 - numpy - Upgraded to 1.23.0 - Medium - <br /> CVE-2024-37891 - urllib3 - Upgraded to 1.26.19 - Medium - <br /> CVE-2023-45803 - urllib3 - Upgraded to 1.26.19 - Medium - <br /> CVE-2023-43804 - urllib3 - Upgraded to 1.26.19 - Medium - <br /> CVE-2022-45907 - torch - Upgraded to 2.2.2 - Critical - <br /> CVE-2024-31583 - torch - Upgraded to 2.2.2 - High - <br /> CVE-2024-31580 - torch - Upgraded to 2.2.2 - High - <br /> CVE-2024-35195 - requests - Upgraded to 2.32.3 - Medium - <br /> CVE-2023-37920 - certifi - Upgraded to 2024.7.4 - Medium - <br /> CVE-2023-5678 - openssl - Upgraded to 3.3.1 - Medium - <br /> CVE-2023-7018 - transformers - Upgraded to 4.38.1 - High - <br /> CVE-2023-6730 - transformers - Upgraded to 4.38.1 - High - <br /> CVE-2024-3568 - transformers - Upgraded to 4.38.1 - Low - <br /> CVE-2023-2800 - transformers - Upgraded to 4.38.1 - Medium - <br /> CVE-2024-34062 - tqdm - Upgraded to 4.66.4 - Medium - <br /> CVE-2024-6345 - setuptools - Upgraded to 70.0.0 - High - Python for Scientific Computing (for Windows 64-bit) is not affected by CVE-2024-6345<br /> CVE-2022-40897 - setuptools - Upgraded to 70.0.0 - Medium - Python for Scientific Computing (for Windows 64-bit) is not affected by CVE-2022-40897<br /> CVE-2024-5206 - scikit-learn - Upgraded to 1.5.1 - Medium - <br /> CVE-2020-28975 - scikit-learn - Upgraded to 1.5.1 - High - <br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0718">SVD-2024-0718</a></td><td label="Published" class="advisory-td">2024-07-01</td><td label="Modified" class="advisory-td">2024-10-03</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0718">Third-Party Package Updates in Splunk Enterprise - July 2024</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /> Splunk Enterprise 9.0<br /></td><td class="advisory-td" label="Fixed Versions"> 9.2.2<br /> 9.1.5<br /> 9.0.10<br /></td><td class="advisory-td" label="Affected Versions"> 9.2.0 to 9.2.1<br /> 9.1.0 to 9.1.4<br /> 9.0.0 to 9.0.9<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.2.2</span><br /> <span>9.1.5</span><br /> <span>9.0.10</span><br /></td><td class="advisory-td" label="Affected Components"> <br /> <br /> <br /></td><td class="advisory-td" label="Description">Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Enterprise versions 9.2.2, 9.1.5, 9.0.10 and higher, including the following:</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.2.2, 9.1.5, and 9.0.10, or higher.</td><td class="advisory-td" label="Mitigations">Splunk Analytics for Hadoop, Splunk Archiver, Hadoop Data Roll, and Hunk (Legacy) use the listed java packages (hive-exec, jackson-databind, commons-io, snappy-java, avro-sdk, avatica-core and guava). If your Splunk Enterprise instance does not use those features or functionality, it is not impacted. As a potential mitigation, you may remove the packages. Note that the splunk_archiver app may replicate the vulnerable jar files and you may need to remove the replicate files from $SPLUNK_HOME/etc/apps/splunk_archiver as well.<br><br>The Splunk Secure Gateway app remedied vulnerabilities in certifi, requests, idna, and aiohttp. Splunk Mobile, Spacebridge, and Mission Control rely on functionality in $SPLUNK_HOME/etc/apps/splunk_secure_gateway. If you do not use any of the apps, features, or functionality, as a potential mitigation, you may remove or disable the app.</td><td class="advisory-td" label="Severity Summary">For the CVEs in this list, Splunk adopted the vendor's severity rating, when available, or the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating, otherwise.<br><br>For CVE-2023-37920, Splunk adopted the vendor’s severity rating. Please refer to GHSA-xqr8-7jwr-rhp7 for more information.<br><br>If you do not use Splunk Analytics for Hadoop, Splunk Archiver, Hadoop Data Roll, or Hunk (Legacy) the CVEs impacting the listed java packages (hive-exec, jackson-databind, commons-io, snappy-java, avro-sdk, avatica-core and guava) are informational.<br><br>If you disabled or removed Splunk Secure Gateway, the listed CVEs affecting aiohttp, urllib3, and certify are informational.<br><br>For pip and wheel, Splunk Enterprise does not utilize the package and is not impacted by the CVE. However, out of an abundance of caution, Splunk updated the package.</td><td class="advisory-td" label="OSS"> CVE-2023-35116 - jackson-databind - Upgraded to 1.16.1 - Medium - <br /> CVE-2021-29425 - commons-io - Upgraded to 2.15.1 - Medium - <br /> CVE-2023-43642 - snappy-java - Upgraded to 1.1.10.5 - High - <br /> CVE-2023-34453 - snappy-java - Upgraded to 1.1.10.5 - Medium - <br /> CVE-2023-34454 - snappy-java - Upgraded to 1.1.10.5 - Medium - <br /> CVE-2023-34455 - snappy-java - Upgraded to 1.1.10.5 - High - <br /> CVE-2023-39410 - avro-sdk - Upgraded to 1.11.3 - High - <br /> CVE-2022-36364 - avatica-core - Removed - High - Removed avatica-core from hive-exec<br /> CVE-2020-8908 - guava - Removed - Low - Removed guava from hive-exec<br /> CVE-2023-2976 - guava - Removed - Medium - Removed guava from hive-exec<br /> CVE-2018-10237 - guava - Removed - Medium - Removed guava from hive-exec<br /> CVE-2022-3509 - protobuf-java - Upgraded to 3.24.4 - High - Upgrade protobuf-java in hive-exec<br /> CVE-2022-3171 - protobuf-java - Upgraded to 3.24.4 - High - Upgrade protobuf-java in hive-exec<br /> CVE-2022-3510 - protobuf-java - Upgraded to 3.24.4 - High - Upgrade protobuf-java in hive-exec<br /> CVE-2020-13956 - httpclient - Upgraded to 4.15.3 - Medium - Upgrade httpclient in hive-exec<br /> CVE-2023-37276 - aiohttp - Upgraded to 3.8.6 - Medium - Upgraded aiohttp in the Splunk Secure Gateway app, $SPLUNK_HOME/etc/apps/splunk_secure_gateway/lib/aiohttp<br /> CVE-2023-47627 - aiohttp - Upgraded to 3.8.6 - Medium - Upgraded aiohttp in the Splunk Secure Gateway app, $SPLUNK_HOME/etc/apps/splunk_secure_gateway/lib/aiohttp<br /> CVE-2023-43804 - urllib3 - Upgraded to 2.0.7 - Medium - Upgraded urllib3 in the Splunk Secure Gateway app, $SPLUNK_HOME/etc/apps/splunk_secure_gateway/lib/urllib3<br /> CVE-2023-45803 - urllib3 - Upgraded to 2.0.7 - Medium - Upgraded urllib3 in the Splunk Secure Gateway app, $SPLUNK_HOME/etc/apps/splunk_secure_gateway/lib/urllib3<br /> CVE-2023-37920 - certifi - Upgraded to 2024.2.2 - Low - Upgraded certifi in the Splunk Secure Gateway app, $SPLUNK_HOME/etc/apps/splunk_secure_gateway/lib/certifi<br /> CVE-2024-3651 - idna - Upgraded to 3.7 - Medium - Upgraded idna in the Splunk Secure Gateway app, $SPLUNK_HOME/etc/apps/splunk_secure_gateway/lib/idna<br /> CVE-2023-5752 - pip - Upgraded to 24.0 - Informational - <br /> CVE-2022-40897 - setuptools - Upgraded to 65.5.1 - Medium - <br /> CVE-2022-40896 - pygments - Upgraded to 2.15.1 - Medium - <br /> CVE-2022-40898 - wheel - Upgraded to 0.41.2 - Informational - <br /> CVE-2023-32681 - requests - Upgraded to 2.31.0 - Medium - Upgraded requests in $SPLUNK_HOME/lib/python3.7/site-packages/requests<br /> CVE-2022-40899 - future - Upgraded to 1.0.0 - High - Upgraded requests in $SPLUNK_HOME/lib/python3.7/site-packages/future<br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0717">SVD-2024-0717</a></td><td label="Published" class="advisory-td">2024-07-01</td><td label="Modified" class="advisory-td">2024-07-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0717">Persistent Cross-site Scripting (XSS) in conf-web/settings REST endpoint</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-36997">CVE-2024-36997</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N</td><td class="advisory-td" label="CVSS Score">4.6</td><td class="advisory-td" label="CWE">CWE-79</td><td class="advisory-td" label="Bug">VULN-8007</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform 9.1.2312<br /></td><td class="advisory-td" label="Fixed Versions"> 9.2.2<br /> 9.1.5<br /> 9.0.10<br /> 9.1.2312.100<br /></td><td class="advisory-td" label="Affected Versions"> 9.2.0 to 9.2.1<br /> 9.1.0 to 9.1.4<br /> 9.0.0 to 9.0.9<br /> Below 9.1.2312.100<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.2.2</span><br /> <span>9.1.5</span><br /> <span>9.0.10</span><br /> <span>9.1.2312.100</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.2.2, 9.1.5, and 9.0.10, or higher.<br><br>Splunk is performing upgrades on Splunk Cloud Platform instances as part of Routine Maintenance for customers, as described in the Splunk Cloud Platform Maintenance Policy. In the meantime, Splunk is actively monitoring for potential issues that could arise from this vulnerability.</td><td class="advisory-td" label="Mitigations">The vulnerability is likely to affect instances with [Splunk Web](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) turned on. You could turn Splunk Web off as a possible workaround. See [Disable unnecessary Splunk Enterprise components](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) and the [web.conf](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf) configuration specification file for more information on turning Splunk Web off.</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as 4.6, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N<br><br>If the Splunk Enterprise instance does not run Splunk Web, there is no impact and the severity is Informational.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> STÖK / Fredrik Alexandersson<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0716">SVD-2024-0716</a></td><td label="Published" class="advisory-td">2024-07-01</td><td label="Modified" class="advisory-td">2024-07-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0716">Information Disclosure of user names</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-36996">CVE-2024-36996</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N</td><td class="advisory-td" label="CVSS Score">5.3</td><td class="advisory-td" label="CWE">CWE-204</td><td class="advisory-td" label="Bug">VULN-3072</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform 9.1.2312<br /></td><td class="advisory-td" label="Fixed Versions"> 9.2.2<br /> 9.1.5<br /> 9.0.10<br /> 9.1.2312.109<br /></td><td class="advisory-td" label="Affected Versions"> 9.2.0 to 9.2.1<br /> 9.1.0 to 9.1.4<br /> 9.0.0 to 9.0.9<br /> Below 9.1.2312.109<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.2.2</span><br /> <span>9.1.5</span><br /> <span>9.0.10</span><br /> <span>9.1.2312.109</span><br /></td><td class="advisory-td" label="Affected Components"> SAML<br /> SAML<br /> SAML<br /> SAML<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks.<br><br>This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.2.2, 9.1.5, and 9.0.10, or higher.<br><br>Splunk is performing upgrades on Splunk Cloud Platform instances as part of Routine Maintenance for customers, as described in the Splunk Cloud Platform Maintenance Policy. In the meantime, Splunk is actively monitoring for potential issues that could arise from this vulnerability.</td><td class="advisory-td" label="Mitigations">None</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability a 5.3, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.<br><br>If the Splunk Enterprise instance does not run Splunk Web, there should be no impact and the severity would be informational.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0715">SVD-2024-0715</a></td><td label="Published" class="advisory-td">2024-07-01</td><td label="Modified" class="advisory-td">2024-07-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0715">Low-privileged user could create experimental items</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-36995">CVE-2024-36995</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N</td><td class="advisory-td" label="CVSS Score">4.3</td><td class="advisory-td" label="CWE">CWE-862</td><td class="advisory-td" label="Bug">VULN-15941</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform 9.1.2312<br /> Splunk Cloud Platform 9.1.2308<br /></td><td class="advisory-td" label="Fixed Versions"> 9.2.2<br /> 9.1.5<br /> 9.0.10<br /> 9.1.2312.200<br /> 9.1.2308.207<br /></td><td class="advisory-td" label="Affected Versions"> 9.2.0 to 9.2.1<br /> 9.1.0 to 9.1.4<br /> 9.0.0 to 9.0.9<br /> Below 9.1.2312.200<br /> Below 9.1.2308.207<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.2.2</span><br /> <span>9.1.5</span><br /> <span>9.0.10</span><br /> <span>9.1.2312.200</span><br /> <span>9.1.2308.207</span><br /></td><td class="advisory-td" label="Affected Components"> REST API<br /> REST API<br /> REST API<br /> REST API<br /> REST API<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the “admin” or “power” Splunk roles could create experimental items.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.2.2, 9.1.5, and 9.0.10, or higher.<br><br>Splunk is performing upgrades on Splunk Cloud Platform instances as part of Routine Maintenance for customers, as described in the Splunk Cloud Platform Maintenance Policy. In the meantime, Splunk is actively monitoring for potential issues that could arise from this vulnerability.</td><td class="advisory-td" label="Mitigations">None</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as 4.3, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> MrHack<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0714">SVD-2024-0714</a></td><td label="Published" class="advisory-td">2024-07-01</td><td label="Modified" class="advisory-td">2024-07-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0714">Persistent Cross-site Scripting (XSS) in Dashboard Elements</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-36994">CVE-2024-36994</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N</td><td class="advisory-td" label="CVSS Score">5.4</td><td class="advisory-td" label="CWE">CWE-79</td><td class="advisory-td" label="Bug">VULN-15625</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform 9.1.2312<br /> Splunk Cloud Platform 9.1.2308<br /></td><td class="advisory-td" label="Fixed Versions"> 9.2.2<br /> 9.1.5<br /> 9.0.10<br /> 9.1.2312.200<br /> 9.1.2308.207<br /></td><td class="advisory-td" label="Affected Versions"> 9.2.0 to 9.2.1<br /> 9.1.0 to 9.1.4<br /> 9.0.0 to 9.0.9<br /> Below 9.1.2312.200<br /> Below 9.1.2308.207<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.2.2</span><br /> <span>9.1.5</span><br /> <span>9.0.10</span><br /> <span>9.1.2312.200</span><br /> <span>9.1.2308.207</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the “admin” or “power” Splunk roles could craft a malicious payload through a View and Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user.<br><br>The “ping” URL attribute and the “url” parameter do not properly validate user input. The attribute and parameter are not properly escaped, which could lead to the Stored Cross-site Scripting (XSS) exploit.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.2.2, 9.1.5, and 9.0.10, or higher.<br><br>Splunk is performing upgrades on Splunk Cloud Platform instances as part of Routine Maintenance for customers, as described in the Splunk Cloud Platform Maintenance Policy. In the meantime, Splunk is actively monitoring for potential issues that could arise from this vulnerability.</td><td class="advisory-td" label="Mitigations">The vulnerability affects instances with [Splunk Web](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) enabled, turning Splunk Web off is a possible workaround. See [Disable unnecessary Splunk Enterprise components](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) and the [web.conf](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf) configuration specification file for more information on disabling Splunk Web.</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as 5.4, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N.<br><br>If the Splunk Enterprise instance does not run Splunk Web, there should be no impact and the severity would be informational.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Danylo Dmytriiev (DDV_UA)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0713">SVD-2024-0713</a></td><td label="Published" class="advisory-td">2024-07-01</td><td label="Modified" class="advisory-td">2024-07-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0713">Persistent Cross-site Scripting (XSS) in Web Bulletin</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-36993">CVE-2024-36993</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N</td><td class="advisory-td" label="CVSS Score">5.4</td><td class="advisory-td" label="CWE">CWE-79</td><td class="advisory-td" label="Bug">VULN-15649</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform 9.1.2312<br /> Splunk Cloud Platform 9.1.2308<br /></td><td class="advisory-td" label="Fixed Versions"> 9.2.2<br /> 9.1.5<br /> 9.0.10<br /> 9.1.2312.200<br /> 9.1.2308.207<br /></td><td class="advisory-td" label="Affected Versions"> 9.2.0 to 9.2.1<br /> 9.1.0 to 9.1.4<br /> 9.0.0 to 9.0.9<br /> Below 9.1.2312.200<br /> Below 9.1.2308.207<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.2.2</span><br /> <span>9.1.5</span><br /> <span>9.0.10</span><br /> <span>9.1.2312.200</span><br /> <span>9.1.2308.207</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the “admin” or “power” Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user.<br><br>Splunk Web Bulletin Messages would not sanitize the “data-toggle” and “data-remote” attributes which could lead to a Stored Cross-site Scripting (XSS) exploit.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.2.2, 9.1.5, and 9.0.10, or higher.<br><br>Splunk is performing upgrades on Splunk Cloud Platform instances as part of Routine Maintenance for customers, as described in the Splunk Cloud Platform Maintenance Policy. In the meantime, Splunk is actively monitoring for potential issues that could arise from this vulnerability.</td><td class="advisory-td" label="Mitigations">The vulnerability affects instances with [Splunk Web](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) enabled, turning Splunk Web off is a possible workaround. See [Disable unnecessary Splunk Enterprise components](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) and the [web.conf](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf) configuration specification file for more information on disabling Splunk Web.</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as 5.4, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N.<br><br>If the Splunk Enterprise instance does not run Splunk Web, there should be no impact and the severity would be informational.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Anton (therceman)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0712">SVD-2024-0712</a></td><td label="Published" class="advisory-td">2024-07-01</td><td label="Modified" class="advisory-td">2024-07-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0712">Persistent Cross-site Scripting (XSS) in Dashboard Elements</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-36992">CVE-2024-36992</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N</td><td class="advisory-td" label="CVSS Score">5.4</td><td class="advisory-td" label="CWE">CWE-79</td><td class="advisory-td" label="Bug">VULN-15645</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform 9.1.2312<br /> Splunk Cloud Platform 9.1.2308<br /></td><td class="advisory-td" label="Fixed Versions"> 9.2.2<br /> 9.1.5<br /> 9.0.10<br /> 9.1.2312.200<br /> 9.1.2308.207<br /></td><td class="advisory-td" label="Affected Versions"> 9.2.0 to 9.2.1<br /> 9.1.0 to 9.1.4<br /> 9.0.0 to 9.0.9<br /> Below 9.1.2312.200<br /> Below 9.1.2308.207<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.2.2</span><br /> <span>9.1.5</span><br /> <span>9.0.10</span><br /> <span>9.1.2312.200</span><br /> <span>9.1.2308.207</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the “admin” or “power” Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user.<br><br>The “url” parameter of the Dashboard element does not have proper input validation to reject invalid URLs, which could lead to a Persistent Cross-site Scripting (XSS) exploit.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.2.2, 9.1.5, and 9.0.10, or higher.<br><br>Splunk is performing upgrades on Splunk Cloud Platform instances as part of Routine Maintenance for customers, as described in the Splunk Cloud Platform Maintenance Policy. In the meantime, Splunk is actively monitoring for potential issues that could arise from this vulnerability.</td><td class="advisory-td" label="Mitigations">The vulnerability affects instances with [Splunk Web](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) enabled, turning Splunk Web off is a possible workaround. See [Disable unnecessary Splunk Enterprise components](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) and the [web.conf](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf) configuration specification file for more information on disabling Splunk Web.</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as 5.4, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N.<br><br>If the Splunk Enterprise instance does not run Splunk Web, there should be no impact and the severity would be informational.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Anton (therceman)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0711">SVD-2024-0711</a></td><td label="Published" class="advisory-td">2024-07-01</td><td label="Modified" class="advisory-td">2024-07-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0711">Path Traversal on the “/modules/messaging/“ endpoint in Splunk Enterprise on Windows</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-36991">CVE-2024-36991</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N</td><td class="advisory-td" label="CVSS Score">7.5</td><td class="advisory-td" label="CWE">CWE-35</td><td class="advisory-td" label="Bug">VULN-15637</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /> Splunk Enterprise 9.0<br /></td><td class="advisory-td" label="Fixed Versions"> 9.2.2<br /> 9.1.5<br /> 9.0.10<br /></td><td class="advisory-td" label="Affected Versions"> 9.2.0 to 9.2.1<br /> 9.1.0 to 9.1.4<br /> 9.0.0 to 9.0.9<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.2.2</span><br /> <span>9.1.5</span><br /> <span>9.0.10</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the `/modules/messaging/` endpoint in Splunk Enterprise on Windows.<br><br>The vulnerability exists because the Python `os.path.join` function removes the drive letter from path tokens if the drive in the token matches the drive in the built path.<br><br>This vulnerability should only affect Splunk Enterprise on Windows.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.2.2, 9.1.5, and 9.0.10, or higher.</td><td class="advisory-td" label="Mitigations">The vulnerability affects instances with [Splunk Web](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) turned on. You could turn Splunk Web off as a possible workaround. See [Disable unnecessary Splunk Enterprise components](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) and the [web.conf](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf) configuration specification file for more information on turning Splunk Web off.</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as 7.5, High, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. <br><br>If the Splunk Enterprise instance does not run Splunk Web, there should be no impact and the severity would be informational.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Danylo Dmytriiev (DDV_UA)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0710">SVD-2024-0710</a></td><td label="Published" class="advisory-td">2024-07-01</td><td label="Modified" class="advisory-td">2024-07-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0710">Denial of Service (DoS) on the datamodel/web REST endpoint</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-36990">CVE-2024-36990</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</td><td class="advisory-td" label="CVSS Score">6.5</td><td class="advisory-td" label="CWE">CWE-835</td><td class="advisory-td" label="Bug">VULN-15235</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform 9.1.2312<br /> Splunk Cloud Platform 9.1.2312<br /> Splunk Cloud Platform 9.1.2308<br /></td><td class="advisory-td" label="Fixed Versions"> 9.2.2<br /> 9.1.5<br /> 9.0.10<br /> 9.1.2312.202<br /> 9.1.2312.109<br /> 9.1.2308.209<br /></td><td class="advisory-td" label="Affected Versions"> 9.2.0 to 9.2.1<br /> 9.1.0 to 9.1.4<br /> 9.0.0 to 9.0.9<br /> 9.1.2312.200 to 9.1.2312.201<br /> 9.1.2312.100 to 9.1.2312.108<br /> Below 9.1.2308.208<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.2.2</span><br /> <span>9.1.5</span><br /> <span>9.0.10</span><br /> <span>9.1.2312.202</span><br /> <span>9.1.2312.109</span><br /> <span>9.1.2308.209</span><br /></td><td class="advisory-td" label="Affected Components"> REST API<br /> REST API<br /> REST API<br /> REST API<br /> REST API<br /> REST API<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the “admin” or “power” Splunk roles could send a specially crafted HTTP POST request to the datamodel/web REST endpoint in Splunk Enterprise, potentially causing a denial of service.<br><br>The DoS could result from a condition where a data model definition contains a cyclic dependency. That dependency could lead to an infinite loop, which leads to a stack overflow and the subsequent crash of the Splunk daemon.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.2.2, 9.1.5, and 9.0.10, or higher.<br><br>Splunk is performing upgrades on Splunk Cloud Platform instances as part of Routine Maintenance for customers, as described in the Splunk Cloud Platform Maintenance Policy. In the meantime, Splunk is actively monitoring for potential issues that could arise from this vulnerability.</td><td class="advisory-td" label="Mitigations">None</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as 6.5, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Anton (therceman)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0709">SVD-2024-0709</a></td><td label="Published" class="advisory-td">2024-07-01</td><td label="Modified" class="advisory-td">2024-07-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0709">Low-privileged user could create notifications in Splunk Web Bulletin Messages</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-36989">CVE-2024-36989</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N</td><td class="advisory-td" label="CVSS Score">6.5</td><td class="advisory-td" label="CWE">CWE-284</td><td class="advisory-td" label="Bug">VULN-15234</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform 9.1.2312<br /></td><td class="advisory-td" label="Fixed Versions"> 9.2.2<br /> 9.1.5<br /> 9.0.10<br /> 9.1.2312.200<br /></td><td class="advisory-td" label="Affected Versions"> 9.2.0 to 9.2.1<br /> 9.1.0 to 9.1.4<br /> 9.0.0 to 9.0.9<br /> Below 9.1.2312.200<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.2.2</span><br /> <span>9.1.5</span><br /> <span>9.0.10</span><br /> <span>9.1.2312.200</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the “admin” or “power” Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance receive.<br><br>This could be the result of a lack of access control for using the Bulletin Messages system to send notifications.<br><br>It may be possible for the notifications to contain Web links. This could result in administrators navigating to other Web pages or running searches unexpectedly.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.2.2, 9.1.5, and 9.0.10, or higher.<br><br>Splunk is performing upgrades on Splunk Cloud Platform instances as part of Routine Maintenance for customers, as described in the Splunk Cloud Platform Maintenance Policy. In the meantime, Splunk is actively monitoring for potential issues that could arise from this vulnerability.</td><td class="advisory-td" label="Mitigations">The vulnerability affects instances with [Splunk Web](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) turned on. You could turn Splunk Web off as a possible workaround. See [Disable unnecessary Splunk Enterprise components](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) and the [web.conf](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf) configuration specification file for more information on turning Splunk Web off.</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as 6.5, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N<br><br>If the Splunk Enterprise instance does not run Splunk Web, there should be no impact and the severity would be informational.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Anton (therceman)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0708">SVD-2024-0708</a></td><td label="Published" class="advisory-td">2024-07-01</td><td label="Modified" class="advisory-td">2024-07-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0708">OpenSSL crypto library (libcrypto.so) incorrectly compiled with stack execution bit set in Splunk Enterprise and Universal Forwarder on certain operating systems</a></td><td label="Severity" class="advisory-td">Informational</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id="></a></td><td class="advisory-td" label="CVSS Vector">NA</td><td class="advisory-td" label="CVSS Score">NA</td><td class="advisory-td" label="CWE">CWE-119</td><td class="advisory-td" label="Bug">VULN-14673</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise - Linux 9.2<br /> Splunk Enterprise - Linux 9.1<br /> Splunk Enterprise - Linux 9.0<br /> Universal Forwarder - Solaris 9.2<br /> Universal Forwarder - Solaris 9.1<br /> Universal Forwarder - Solaris 9.0<br /></td><td class="advisory-td" label="Fixed Versions"> 9.2.2<br /> 9.1.5<br /> 9.0.10<br /> 9.2.2<br /> 9.1.5<br /> 9.0.10<br /></td><td class="advisory-td" label="Affected Versions"> 9.2.0 to 9.2.1<br /> 9.1.3 to 9.1.4<br /> 9.0.8 to 9.0.9<br /> 9.2.0 to 9.2.1<br /> 9.1.0 to 9.1.4<br /> 9.0.0 to 9.0.9<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.2.2</span><br /> <span>9.1.5</span><br /> <span>9.0.10</span><br /> <span>9.2.2</span><br /> <span>9.1.5</span><br /> <span>9.0.10</span><br /></td><td class="advisory-td" label="Affected Components"> libcrypto<br /> libcrypto<br /> libcrypto<br /> libcrypto<br /> libcrypto<br /> libcrypto<br /></td><td class="advisory-td" label="Description">In certain specific versions and platform architectures of Splunk Enterprise and the Universal Forwarder, the cryptographic library for OpenSSL (libcrypto.so) was incorrectly compiled with its stack execution bit set. Setting the executable bit on .so library files is not a direct vulnerability,. <br><br>The problem affects the following versions of the Splunk platform only:<br> - Splunk Enterprise on Linux: 9.2.1, 9.2.0.1, 9.2.0, 9.1.4, 9.1.3, 9.0.9, and 9.0.8 <br> - Universal Forwarder on Solaris: all versions below 9.2.2, 9.1.5, and 9.0.10. <br><br>The problem does not affect the following versions of the Splunk platform:<br> - Splunk Enterprise on Windows or MacOS.<br> - Universal Forwarder on Windows, MacOS, Linux, FreeBSD, or AIX.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise on Linux and Universal Forwarder on Solaris to versions 9.2.2, 9.1.5, and 9.0.10, or higher.</td><td class="advisory-td" label="Mitigations">None</td><td class="advisory-td" label="Severity Summary">This advisory is informational only. A severity rating does not apply and the Common Vulnerability Scoring System (CVSS) is not applicable.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0707">SVD-2024-0707</a></td><td label="Published" class="advisory-td">2024-07-01</td><td label="Modified" class="advisory-td">2024-07-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0707">Insecure File Upload in the indexing/preview REST endpoint</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-36987">CVE-2024-36987</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N</td><td class="advisory-td" label="CVSS Score">4.3</td><td class="advisory-td" label="CWE">CWE-434</td><td class="advisory-td" label="Bug">VULN-10327</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform 9.1.2312<br /></td><td class="advisory-td" label="Fixed Versions"> 9.2.2<br /> 9.1.5<br /> 9.0.10<br /> 9.1.2312.200<br /></td><td class="advisory-td" label="Affected Versions"> 9.2.0 to 9.2.1<br /> 9.1.0 to 9.1.4<br /> 9.0.0 to 9.0.9<br /> Below 9.1.2312.200<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.2.2</span><br /> <span>9.1.5</span><br /> <span>9.0.10</span><br /> <span>9.1.2312.200</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the “admin” or “power” Splunk roles could upload a file with an arbitrary extension using the indexing/preview REST endpoint.<br><br>The vulnerable endpoint is one of several that the Upload Data page in Splunk Web uses to run a “preview” search of the data contained within a file that a user uploads prior to indexing. This process generates a file that a low-privileged user could use to perform the XSLT injection, which could be used to perform downstream exploits.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.2.2, 9.1.5, and 9.0.10, or higher.<br><br>Splunk is performing upgrades on Splunk Cloud Platform instances as part of Routine Maintenance for customers, as described in the Splunk Cloud Platform Maintenance Policy. In the meantime, Splunk is actively monitoring for potential issues that could arise from this vulnerability.</td><td class="advisory-td" label="Mitigations">The vulnerability would likely affect instances with [Splunk Web](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) turned on. You could turn Splunk Web off as a possible workaround. See [Disable unnecessary Splunk Enterprise components](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) and the [web.conf](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf) configuration specification file for more information on turning Splunk Web off.</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as 4.3, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N.<br><br>If the Splunk Enterprise instance does not run Splunk Web, there should be no impact and the severity would be informational.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Kyle Bambrick, Splunk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0706">SVD-2024-0706</a></td><td label="Published" class="advisory-td">2024-07-01</td><td label="Modified" class="advisory-td">2024-07-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0706">Risky command safeguards bypass through Search ID query in Analytics Workspace</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-36986">CVE-2024-36986</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N</td><td class="advisory-td" label="CVSS Score">6.3</td><td class="advisory-td" label="CWE">CWE-200</td><td class="advisory-td" label="Bug">VULN-10317</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform 9.1.2312<br /> Splunk Cloud Platform 9.1.2308<br /></td><td class="advisory-td" label="Fixed Versions"> 9.2.2<br /> 9.1.5<br /> 9.0.10<br /> 9.1.2312.200<br /> 9.1.2308.207<br /></td><td class="advisory-td" label="Affected Versions"> 9.2.0 to 9.2.1<br /> 9.1.0 to 9.1.4<br /> 9.0.0 to 9.0.9<br /> Below 9.1.2312.200<br /> Below 9.1.2308.207<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.2.2</span><br /> <span>9.1.5</span><br /> <span>9.0.10</span><br /> <span>9.1.2312.200</span><br /> <span>9.1.2308.207</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass [SPL safeguards for risky commands](https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards) in the Analytics Workspace. <br><br>The vulnerability requires the authenticated user to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.2.2, 9.1.5, and 9.0.10, or higher.<br><br>Splunk is performing upgrades on Splunk Cloud Platform instances as part of Routine Maintenance for customers, as described in the Splunk Cloud Platform Maintenance Policy. In the meantime, Splunk is actively monitoring for potential issues that could arise from this vulnerability.</td><td class="advisory-td" label="Mitigations">The vulnerability likely affects instances with the Analytics Workspace enabled. Turning off the Analytics Workplace application is a possible workaround. For more information on managing apps, see [Manage app and add-on objects](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Managingappobjects).<br><br>The vulnerability likely affects instances with [Splunk Web](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) enabled, turning Splunk Web off is a possible workaround. See [Disable unnecessary Splunk Enterprise components](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) and the [web.conf](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf) configuration specification file for more information on disabling Splunk Web.</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as 6.3, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N.<br><br>If the Splunk Enterprise instance does not run Splunk Web or disabled Analytics Workplace, there should be no impact and the severity would be informational.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Anton (therceman)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0705">SVD-2024-0705</a></td><td label="Published" class="advisory-td">2024-07-01</td><td label="Modified" class="advisory-td">2024-07-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0705">Remote Code Execution (RCE) through an external lookup due to “copybuckets.py“ script in the “splunk_archiver“ application in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-36985">CVE-2024-36985</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">8.8</td><td class="advisory-td" label="CWE">CWE-687</td><td class="advisory-td" label="Bug">VULN-8937</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /> Splunk Enterprise 9.0<br /></td><td class="advisory-td" label="Fixed Versions"> 9.2.2<br /> 9.1.5<br /> 9.0.10<br /></td><td class="advisory-td" label="Affected Versions"> 9.2.0 to 9.2.1<br /> 9.1.0 to 9.1.4<br /> 9.0.0 to 9.0.9<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.2.2</span><br /> <span>9.1.5</span><br /> <span>9.0.10</span><br /></td><td class="advisory-td" label="Affected Components"> splunk_archiver<br /> splunk_archiver<br /> splunk_archiver<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.0.10, 9.1.5, and 9.2.2, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could cause a Remote Code Execution through an external lookup that likely references the “splunk_archiver“ application.<br><br>The “splunk_archiver“ application likely contains a script called “copybuckets.py“ that itself references a file called “erp_launcher.py“, which would likely execute a script called “sudobash“.<br><br>The “sudobash“ script does not perform any input checking. Therefore it runs a bash shell with arguments supplied by the “erp_launcher.py“ file. This can lead to an RCE.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.2.2, 9.1.5, and 9.0.10, or higher.</td><td class="advisory-td" label="Mitigations">Disable the “splunk_archiver“ application</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as 8.8, High, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.<br><br>If the Splunk Enterprise instance disabled splunk_archiver, there is no impact and the severity is Informational.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Alex Hordijk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0704">SVD-2024-0704</a></td><td label="Published" class="advisory-td">2024-07-01</td><td label="Modified" class="advisory-td">2024-07-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0704">Remote Code Execution through Serialized Session Payload in Splunk Enterprise on Windows</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-36984">CVE-2024-36984</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">8.8</td><td class="advisory-td" label="CWE">CWE-502</td><td class="advisory-td" label="Bug">VULN-15741</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /> Splunk Enterprise 9.0<br /></td><td class="advisory-td" label="Fixed Versions"> 9.2.2<br /> 9.1.5<br /> 9.0.10<br /></td><td class="advisory-td" label="Affected Versions"> 9.2.0 to 9.2.1<br /> 9.1.0 to 9.1.4<br /> 9.0.0 to 9.0.9<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.2.2</span><br /> <span>9.1.5</span><br /> <span>9.0.10</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially crafted query that they could then use to serialize untrusted data. The attacker could use the query to execute arbitrary code.<br><br>The exploit requires the use of the collect SPL command which writes a file within the Splunk Enterprise installation. The attacker could then use this file to submit a serialized payload that could result in execution of code within the payload.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.2.2, 9.1.5, and 9.0.10, or higher.</td><td class="advisory-td" label="Mitigations">If users do not log in to Splunk Web on indexers in a distributed environment, disable Splunk Web on those indexers. See [Disable unnecessary Splunk Enterprise components]([https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents)) and the [web.conf configuration specification]([https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf)) file in the Splunk documentation for more information on disabling Splunk Web.</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as 8.8, High, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.<br><br>If the Splunk Enterprise instance does not run Splunk Web, there should be no impact and the severity would be informational.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Danylo Dmytriiev (DDV_UA)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0703">SVD-2024-0703</a></td><td label="Published" class="advisory-td">2024-07-01</td><td label="Modified" class="advisory-td">2024-07-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0703">Command Injection using External Lookups</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-36983">CVE-2024-36983</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">8.0</td><td class="advisory-td" label="CWE">CWE-77</td><td class="advisory-td" label="Bug">VULN-15560</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform 9.1.2312<br /> Splunk Cloud Platform 9.1.2308<br /></td><td class="advisory-td" label="Fixed Versions"> 9.2.2<br /> 9.1.5<br /> 9.0.10<br /> 9.1.2312.109<br /> 9.1.2308.207<br /></td><td class="advisory-td" label="Affected Versions"> 9.2.0 to 9.2.1<br /> 9.1.0 to 9.1.4<br /> 9.0.0 to 9.0.9<br /> 9.1.2312.100 to 9.1.2312.108<br /> Below 9.1.2308.207<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.2.2</span><br /> <span>9.1.5</span><br /> <span>9.0.10</span><br /> <span>9.1.2312.109</span><br /> <span>9.1.2308.207</span><br /></td><td class="advisory-td" label="Affected Components"> External Lookups<br /> External Lookups<br /> External Lookups<br /> External Lookups<br /> External Lookups<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance.<br><br>The vulnerability revolves around the currently-deprecated ”runshellscript” command that scripted alert actions use. This command, along with external command lookups, lets an authenticated user use this vulnerability to inject and execute commands within a privileged context from the Splunk platform instance.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.2.2, 9.1.5, and 9.0.10, or higher.<br><br>Splunk is performing upgrades on Splunk Cloud Platform instances as part of Emergency Maintenance for customers, as described in the Splunk Cloud Platform Maintenance Policy. In the meantime, Splunk is actively monitoring for potential issues that could arise from this vulnerability.</td><td class="advisory-td" label="Mitigations">None</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as 8.0, High, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HH.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Danylo Dmytriiev (DDV_UA)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0702">SVD-2024-0702</a></td><td label="Published" class="advisory-td">2024-07-01</td><td label="Modified" class="advisory-td">2024-07-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0702">Denial of Service through null pointer reference in “cluster/config” REST endpoint</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-36982">CVE-2024-36982</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</td><td class="advisory-td" label="CVSS Score">7.5</td><td class="advisory-td" label="CWE">CWE-476</td><td class="advisory-td" label="Bug">VULN-15553</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform 9.1.2312<br /> Splunk Cloud Platform 9.1.2308<br /></td><td class="advisory-td" label="Fixed Versions"> 9.2.2<br /> 9.1.5<br /> 9.0.10<br /> 9.1.2312.109<br /> 9.1.2308.207<br /></td><td class="advisory-td" label="Affected Versions"> 9.2.0 to 9.2.1<br /> 9.1.0 to 9.1.4<br /> 9.0.0 to 9.0.9<br /> 9.1.2312.100 to 9.1.2312.108<br /> Below 9.1.2308.207<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.2.2</span><br /> <span>9.1.5</span><br /> <span>9.0.10</span><br /> <span>9.1.2312.109</span><br /> <span>9.1.2308.207</span><br /></td><td class="advisory-td" label="Affected Components"> REST API<br /> REST API<br /> REST API<br /> REST API<br /> REST API<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an attacker could trigger a null pointer reference on the “cluster/config” REST endpoint, which could result in a crash of the Splunk daemon.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.2.2, 9.1.5, and 9.0.10, or higher. <br><br>Splunk is performing upgrades on Splunk Cloud Platform instances as part of Emergency Maintenance for customers, as described in the Splunk Cloud Platform Maintenance Policy. In the meantime, Splunk is actively monitoring for potential issues that could arise from this vulnerability.</td><td class="advisory-td" label="Mitigations">None</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as 7.5, High, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> d0nahu3<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0701">SVD-2024-0701</a></td><td label="Published" class="advisory-td">2024-07-01</td><td label="Modified" class="advisory-td">2024-07-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0701">Remote Code Execution through dashboard PDF generation component</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id="></a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">8.8</td><td class="advisory-td" label="CWE">CWE-94</td><td class="advisory-td" label="Bug">VULN-15197</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform 9.1.2312<br /> Splunk Cloud Platform 9.1.2308<br /></td><td class="advisory-td" label="Fixed Versions"> 9.2.2<br /> 9.1.5<br /> 9.0.10<br /> 9.1.2312.109<br /> 9.1.2308.203<br /></td><td class="advisory-td" label="Affected Versions"> 9.2.0 to 9.2.1<br /> 9.1.0 to 9.1.4<br /> 9.0.0 to 9.0.9<br /> 9.1.2312.100 to 9.1.2312.108<br /> Below 9.1.2308.203<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.2.2</span><br /> <span>9.1.5</span><br /> <span>9.0.10</span><br /> <span>9.1.2312.109</span><br /> <span>9.1.2308.203</span><br /></td><td class="advisory-td" label="Affected Components"> pdfgen<br /> pdfgen<br /> pdfgen<br /> pdfgen<br /> pdfgen<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.203, an authenticated user could execute arbitrary code through the dashboard PDF generation component.<br><br>The pdfgen/render REST endpoint uses a vulnerable version of the ReportLab Toolkit (v3.6.1) Python library with a remote code execution vulnerability, as described in Common Vulnerabilities and Exposures (CVE) ID CVE-2023-33733.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.2.2, 9.1.5, and 9.0.10, or higher.<br><br>Splunk is performing upgrades on Splunk Cloud Platform instances as part of Emergency Maintenance for customers, as described in the Splunk Cloud Platform Maintenance Policy. In the meantime, Splunk is actively monitoring for potential issues that could arise from this vulnerability.</td><td class="advisory-td" label="Mitigations">None</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as 8.8, High, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Alex Chapman (ajxchapman)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0304">SVD-2024-0304</a></td><td label="Published" class="advisory-td">2024-03-27</td><td label="Modified" class="advisory-td">2024-03-27</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0304">Third-Party Package Updates in Splunk Universal Forwarder - March 2024</a></td><td label="Severity" class="advisory-td">Low</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"> Splunk Universal Forwarder 9.2<br /> Splunk Universal Forwarder 9.1<br /> Splunk Universal Forwarder 9.0<br /></td><td class="advisory-td" label="Fixed Versions"> 9.2.1<br /> 9.1.4<br /> 9.0.9<br /></td><td class="advisory-td" label="Affected Versions"> 9.2.0 to 9.2.0.1<br /> 9.1.0 to 9.1.3<br /> 9.0.0 to 9.0.8<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.2.1</span><br /> <span>9.1.4</span><br /> <span>9.0.9</span><br /></td><td class="advisory-td" label="Affected Components"> <br /> <br /> <br /></td><td class="advisory-td" label="Description">Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Universal Forwarder versions 9.2.1, 9.1.4, 9.0.9 and higher, including the following:</td><td class="advisory-td" label="Solution">Upgrade Splunk Universal Forwarder to versions 9.2.1, 9.1.4, and 9.0.9, or higher.</td><td class="advisory-td" label="Mitigations">N/A</td><td class="advisory-td" label="Severity Summary">For the CVEs in this list, Splunk adopted the vendor's severity rating, where applicable.</td><td class="advisory-td" label="OSS"> CVE-2024-0727, CVE-2023-5678 - Openssl - Upgraded to 1.0.2zj - <a href="https://www.openssl.org/news/vulnerabilities.html">Low</a> - <br /> <a href="https://curl.se/docs/security.html">multiple</a> - curl - Upgraded from 8.0.1 to 8.5.0 - Informational - The Splunk Universal Forwarder is not affected by the CVEs listed by curl applicable to versions 8.0.1 through 8.4.0. However, out of an abundance of caution, Splunk upgraded it.<br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0303">SVD-2024-0303</a></td><td label="Published" class="advisory-td">2024-03-27</td><td label="Modified" class="advisory-td">2024-03-27</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0303">Third-Party Package Updates in Splunk Enterprise - March 2024</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /> Splunk Enterprise 9.0<br /></td><td class="advisory-td" label="Fixed Versions"> 9.2.1<br /> 9.1.4<br /> 9.0.9<br /></td><td class="advisory-td" label="Affected Versions"> 9.2.0 to 9.2.0.1<br /> 9.1.0 to 9.1.3<br /> 9.0.0 to 9.0.8<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.2.1</span><br /> <span>9.1.4</span><br /> <span>9.0.9</span><br /></td><td class="advisory-td" label="Affected Components"> <br /> <br /> <br /></td><td class="advisory-td" label="Description">Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Enterprise versions 9.2.1, 9.1.4, 9.0.9 and higher, including the following:</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.2.1, 9.1.4, and 9.0.9, or higher.</td><td class="advisory-td" label="Mitigations">N/A</td><td class="advisory-td" label="Severity Summary">For the CVEs in this list, Splunk adopted the vendor's severity rating, when available, or the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating, otherwise.</td><td class="advisory-td" label="OSS"> CVE-2024-0727, CVE-2023-5678 - Openssl - Upgraded to 1.0.2zj - <a href="https://www.openssl.org/news/vulnerabilities.html">Low</a> - <br /> CVE-2023-39325 - net, go - Upgraded to 0.2.0 - High - Upgraded in Splunk Assist<br /> <a href="https://go.dev/doc/devel/release">multiple</a> - go - Upgraded from 1.20.10 to 1.21.5 - <a href="https://go.dev/doc/devel/release">See vendor</a> - Upgraded in Splunk Assist<br /> multiple - hive-exec - Upgraded from 3.1.3 to 4.0.0-beta-1 - See vendor - <br /> <a href="https://curl.se/docs/security.html">multiple</a> - curl - Upgraded from 8.0.1 to 8.5.0 - <a href="https://curl.se/docs/security.html">See vendor</a> - Splunk Enterprise is not affected by CVE-2023-38545<br /> CVE-2021-32559 - pywin32 - Upgraded to b306 - Medium - <br /> <a href="https://github.com/FasterXML/jackson/wiki/Jackson-Releases">multiple</a> - jackson-databind - Upgraded from 2.9.10 to 2.13.5 - <a href="https://github.com/FasterXML/jackson/wiki/Jackson-Releases">See vendor</a> - Removed jackson-databind-2.9.10 nested within $SPLUNK_HOME/bin/jars/thirdparty/common/parquet-hive-bundle-1.11.2.jar and added jackson-databind-2.13.5 under $SPLUNK_HOME/bin/jars/common<br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0302">SVD-2024-0302</a></td><td label="Published" class="advisory-td">2024-03-27</td><td label="Modified" class="advisory-td">2024-04-09</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0302">Risky command safeguards bypass in Dashboard Examples Hub</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-29946">CVE-2024-29946</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N</td><td class="advisory-td" label="CVSS Score">8.1</td><td class="advisory-td" label="CWE">CWE-20</td><td class="advisory-td" label="Bug">SPL-250341</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform -<br /> Splunk Cloud Platform -<br /></td><td class="advisory-td" label="Fixed Versions"> 9.2.1<br /> 9.1.4<br /> 9.0.9<br /> 9.1.2312.104<br /> 9.1.2308.205<br /></td><td class="advisory-td" label="Affected Versions"> 9.2.0 to 9.2.0.1<br /> 9.1.0 to 9.1.3<br /> 9.0.0 to 9.0.8<br /> 9.1.2312.100 to 9.1.2312.103<br /> Below 9.1.2308.205<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.2.1</span><br /> <span>9.1.4</span><br /> <span>9.0.9</span><br /> <span>9.1.2312.104</span><br /> <span>9.1.2308.205</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Dashboard Studio<br /> Splunk Dashboard Studio<br /> Splunk Dashboard Studio<br /> Splunk Dashboard Studio<br /> Splunk Dashboard Studio<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.2.1, 9.1.4 and 9.0.9, and Splunk Cloud Platform versions below 9.1.2312.104 and 9.1.2308.205, the Dashboard Examples Hub in the Splunk Dashboard Studio app lacks protections for risky SPL commands, which could allow an attacker to bypass SPL safeguards for risky commands. <br><br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser (and in the case of Splunk Enterprise, also if Splunk Web is on).<br><br>For more information on risky commands and potential impacts, see [SPL safeguards for risky commands](https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards).</td><td class="advisory-td" label="Solution">For Splunk Enterprise, upgrade versions to 9.2.1, 9.1.4, 9.0.9, or higher.<br><br>For Splunk Cloud Platform, Splunk has put in place a mitigation, and is actively monitoring and rolling out patches across Splunk Cloud Platform instances.</td><td class="advisory-td" label="Mitigations">On Splunk Cloud Platform only, Splunk implemented network-level changes that fully mitigate the vulnerability.<br><br>On Splunk Enterprise only:<br><br>You can mitigate the vulnerability by removing the template file for the Splunk Dashboard Studio Examples Hub. This file is located at `$SPLUNK_HOME/etc/apps/splunk-dashboard-studio/appserver/templates/example-hub.html`. This mitigation prevents the Dashboard Examples Hub from rendering.<br><br>The vulnerability affects instances with[ Splunk Web](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) turned on. You can turn Splunk Web off as a possible workaround. See[ Disable unnecessary Splunk Enterprise components](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) and the[ web.conf](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf) configuration specification file for more information on turning Splunk Web off.<br><br>The Splunk-built Splunk Dashboard Studio app comes with Splunk Enterprise and uses the Dashboard Examples Hub. You can disable the app as a possible workaround for instances that do not run as Search Heads. See [Manage app and add-on objects - Splunk Documentation](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Managingappobjects) for more information.<br><br>**Note:** In Splunk Enterprise versions below 9.2 and Splunk Cloud Platform versions below 9.0.2205, disabling the Splunk Dashboard Studio app disables Dashboard Studio dashboard functionality. In all Splunk Enterprise and Splunk Cloud Platform versions, disabling the Splunk Dashboard Studio app breaks images and icons for Dashboard Studio dashboards and might also cause unintended problems with other Dashboard Studio functionality.</td><td class="advisory-td" label="Severity Summary">The severity of this vulnerability varies based on certain conditions.<br><br>On Splunk Enterprise:<br><br>If the Splunk Enterprise environment meets the conditions that appear in the “Description” section, Splunk rates the vulnerability as High, 8.1, with a CVSSv3.1 Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N.<br><br>If the Splunk Enterprise instance does not run Splunk Web or Splunk Dashboard Studio, there is no impact and the severity is Informational.<br><br>On Splunk Cloud Platform:<br><br>Splunk implemented network-level changes that fully mitigate the vulnerability. There is no impact and the severity is Informational.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0301">SVD-2024-0301</a></td><td label="Published" class="advisory-td">2024-03-27</td><td label="Modified" class="advisory-td">2024-03-27</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0301">Splunk Authentication Token Exposure in Debug Log in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-29945">CVE-2024-29945</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">7.2</td><td class="advisory-td" label="CWE">CWE-532</td><td class="advisory-td" label="Bug">SPL-248977</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.2<br /> Splunk Enterprise 9.1<br /> Splunk Enterprise 9.0<br /></td><td class="advisory-td" label="Fixed Versions"> 9.2.1<br /> 9.1.4<br /> 9.0.9<br /></td><td class="advisory-td" label="Affected Versions"> 9.2.0 to 9.2.0.1<br /> 9.1.0 to 9.1.3<br /> 9.0.0 to 9.0.8<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.2.1</span><br /> <span>9.1.4</span><br /> <span>9.0.9</span><br /></td><td class="advisory-td" label="Affected Components"> <br /> <br /> <br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure could happen when either Splunk Enterprise runs in debug mode or the `JsonWebToken` component has been configured to log its activity at the DEBUG logging level. Normally, Splunk Enterprise runs with debug mode and token authentication turned off, as well as the `JsonWebToken` process configured at the INFO logging level. <br><br>The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives. Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities) in the Splunk documentation for more information.</td><td class="advisory-td" label="Solution"><div> <p data-renderer-start-pos="2009">There are multiple solutions depending on how you have configured the Splunk Enterprise instance.</p> <p data-renderer-start-pos="2108">First, determine whether or not debug logging is on, either globally or for the <code class="code css-1o5d2cw" data-renderer-mark="true">JsonWebToken</code> component. You must log into the Splunk Enterprise instance as an admin user or equivalent to perform these actions.</p> <ol class="ak-ol" start="1" data-indent-level="1"> <li> <p data-renderer-start-pos="2328">To determine the current global logging mode on the instance:</p> <ol class="ak-ol" start="1" data-indent-level="2"> <li> <p data-renderer-start-pos="2393">In a web browser, visit the Server Logging Settings page in Splunk Web at <code class="code css-1o5d2cw" data-renderer-mark="true">/en-US/manager/system/server/logger</code>.</p> </li> <li> <p data-renderer-start-pos="2536">Review the Logging Level column on the page that loads. If every row in this column shows DEBUG as the logging level, then the Splunk Enterprise instance is in debug mode. Otherwise, it is not in debug mode.</p> </li> </ol> </li> <li> <p data-renderer-start-pos="2749">To determine the current logging level for the <code class="code css-1o5d2cw" data-renderer-mark="true">JsonWebToken</code> processor:</p> <ol class="ak-ol" start="1" data-indent-level="2"> <li> <p data-renderer-start-pos="2830">In a web browser, search for the JsonWebToken processor configuration by visiting <code class="code css-1o5d2cw" data-renderer-mark="true">/en-US/manager/system/server/logger?search=JsonWebToken</code>.</p> </li> <li> <p data-renderer-start-pos="2986">Review the Logging level column for the processor. If this row has a value of DEBUG, then the processor currently logs its activity at the DEBUG level.</p> </li> </ol> </li> </ol> <p data-renderer-start-pos="3143">See <a class="css-tgpl01" title="https://docs.splunk.com/Documentation/Splunk/latest/Troubleshooting/Enabledebuglogging" href="https://docs.splunk.com/Documentation/Splunk/latest/Troubleshooting/Enabledebuglogging" data-testid="link-with-safety" data-renderer-mark="true">Enable debug logging</a> for more information.</p> <p data-renderer-start-pos="3192">If either of these steps determines that debug logging is on, either globally or for the <code class="code css-1o5d2cw" data-renderer-mark="true">JsonWebToken</code> component, then remedy the problem by performing the following tasks:</p> <ol class="ak-ol" start="1" data-indent-level="1"> <li> <p data-renderer-start-pos="3374">Upgrade Splunk Enterprise to versions 9.2.1, 9.1.4, 9.0.9, or higher.</p> </li> <li> <p data-renderer-start-pos="3447">Delete the following log file on the Splunk Enterprise instance: <code class="code css-1o5d2cw" data-renderer-mark="true">$SPLUNK_HOME/var/log/splunk/splunkd.log</code></p> </li> <li> <p data-renderer-start-pos="3555">Log into Splunk Web on the Splunk Enterprise instance and delete all log file events for the <code class="code css-1o5d2cw" data-renderer-mark="true">JsonWebToken</code> component from the _internal index by running the following search command:<br /> <code class="code css-1o5d2cw" data-renderer-mark="true">index=_internal component=JsonWebToken | delete</code><br />Note: The delete SPL command requires the can_delete role, which administrators do not receive by default. See <a class="css-tgpl01" title="https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Delete" href="https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Delete" data-testid="link-with-safety" data-renderer-mark="true">delete</a> for more info on the delete search command.</p> </li> <li> <p data-renderer-start-pos="3958">While you are logged in, rotate any potentially exposed authentication tokens. See <a class="css-tgpl01" title="https://docs.splunk.com/Documentation/Splunk/latest/Security/ManageAuthTokens" href="https://docs.splunk.com/Documentation/Splunk/latest/Security/ManageAuthTokens" data-testid="link-with-safety" data-renderer-mark="true">Manage or delete authentication tokens</a> for more information.</p> </li> </ol> </div></td><td class="advisory-td" label="Mitigations"><p>If it isn&rsquo;t currently possible to upgrade to a fixed version of Splunk Enterprise, you can remedy the vulnerability by doing the following:</p> <ol class="ak-ol" start="1"> <li> <p>If the Splunk Enterprise instance runs in debug mode, turn it off. Restart the instance without using the <code>--debug</code> argument.</p> </li> <li> <p>If you don&rsquo;t use tokens to authenticate users on the Splunk Enterprise instance and token authentication is on, turn it off. See <a href="http://docs.splunk.com/Documentation/Splunk/latest/Security/EnableTokenAuth">Enable or disable token authentication</a> for more information.</p> </li> <li> <p>If the JsonWebToken component is at the DEBUG logging level, raise it to the INFO level.</p> <ol class="ak-ol" start="1"> <li> <p>Log into Splunk Web on the Splunk Enterprise instance and visit the Server Logging page as described previously.</p> </li> <li> <p>Select the JsonWebToken component, change its logging level to INFO, then select Save.</p> </li> </ol> </li> <li> <p>View the <code>$SPLUNK_HOME/etc/log.cfg</code> logging configuration files and confirm that the JsonWebToken component is at the INFO logging level. Look for a line in the file that says <code>category.JsonWebToken=</code>. If it equals DEBUG, raise the logging level to INFO by doing the following:</p> <ol class="ak-ol" start="1"> <li> <p>Edit the <code>$SPLUNK_HOME/etc/log.cfg</code> file.</p> </li> <li> <p>Add the line <code>category.JsonWebToken=INFO</code> to this file.</p> </li> <li> <p>Save the file.</p> </li> <li> <p>Repeat Steps 4a-4c with the <code>log-local.cfg</code> file, if it exists.</p> </li> <li> <p>Restart Splunk Enterprise for the changes to <code>log.cfg</code>or <code>log-local.cfg</code> to take effect. Note: Confirm that you do not use the <code>--debug</code> flag to restart Splunk Enterprise.</p> </li> </ol> </li> <li> <p>Delete the following log file: <code>$SPLUNK_HOME/var/log/splunk/splunkd.log</code></p> </li> <li> <p>Delete all the Splunk Enterprise log file events from the _internal index by running the following search command: <br> <div><code>index=_internal component=JsonWebToken | delete</code></div> <br>Note: The delete command requires the can_delete role, which administrators do not receive by default. See <a href="https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Delete">delete</a> for more info on the delete search command.</p> </li> <li> <p>While you are logged in, rotate any potentially exposed authentication tokens. See <a href="https://docs.splunk.com/Documentation/Splunk/latest/Security/ManageAuthTokens">Manage or delete authentication tokens</a> for more information.</p> </li> </ol></td><td class="advisory-td" label="Severity Summary"><div> <p data-renderer-start-pos="6130">Splunk rates this vulnerability as informational, or falling between a 6.7, Medium, and a 7.2, High. The following scenarios affect the score:</p> <ul class="ak-ul" data-indent-level="1"> <li> <p data-renderer-start-pos="6600">If token authentication is turned off, then the vulnerability does not affect this Splunk Enterprise instance and the advisory is Informational.</p> </li> <li> <p data-renderer-start-pos="6404">If you limit access to the _internal index to holders of the admin role only, then the CVSS score lowers to 6.7, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.</p> </li> <li> <p data-renderer-start-pos="6404">If admin users have provided lower-privilege users access to the _internal index, then the CVSS score would be 7.2, High, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.</p> </li> </ul> </div></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Alex Napier, Splunk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0112">SVD-2024-0112</a></td><td label="Published" class="advisory-td">2024-01-30</td><td label="Modified" class="advisory-td">2024-01-30</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0112">Third-Party Package Updates in Splunk Add-on Builder - January 2024</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"> Splunk Add-on Builder -<br /></td><td class="advisory-td" label="Fixed Versions"> 4.1.4<br /></td><td class="advisory-td" label="Affected Versions"> Below 4.1.4<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>4.1.4</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /></td><td class="advisory-td" label="Description">Splunk remedied common vulnerabilities and exposures (CVEs) in Third-Party Packages in Splunk Add-on Builder version 4.1.4, including the following:</td><td class="advisory-td" label="Solution">For Splunk Add-on Builder, upgrade to version 4.1.4. <br> <br> Splunk Add-on Builder replicates the requests Python HTTP library to custom apps and add-ons. After you upgrade Splunk Add-on Builder, review the following additional information if you use Add-on Builder to edit custom apps or add-ons: <br> &nbsp;&nbsp;&nbsp;&nbsp;1. Use Add-on Builder to edit and save the affected app. See the [Add-on Builder documentation](https://docs.splunk.com/Documentation/AddonBuilder/latest/UserGuide/Overview) for more information.<br> &nbsp;&nbsp;&nbsp;&nbsp;2. Restart Splunk Enterprise <br> <br> If the custom app or add-on is also installed on instances without Add-on Builder, you must package the upgraded custom app or add-on, then install it on the instances. See [Validate and Package](https://docs.splunk.com/Documentation/AddonBuilder/latest/UserGuide/Validate) and [Package apps](https://dev.splunk.com/enterprise/docs/releaseapps/packageapps/) for more information. <br> <br> For affected apps and add-ons that are already on SplunkBase, as a third-party developer, you must publish an updated version of the app or add-on to SplunkBase. For more information, see [Publish apps for Splunk Cloud Platform or Splunk Enterprise to Splunkbase](https://dev.splunk.com/enterprise/docs/releaseapps/splunkbase/). Cloud-vetted apps are subject to the [Cloud Vetting Change Policy](https://dev.splunk.com/enterprise/docs/releaseapps/cloudvetting/#Cloud-Vetting-Change-Policy). <br> <br> Note: The Splunk Add-on Builder does not replicate the semver (Semantic Version parser) library to custom apps and add-ons.</td><td class="advisory-td" label="Mitigations">N/A</td><td class="advisory-td" label="Severity Summary">For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating to align with industry standards.</td><td class="advisory-td" label="OSS"> CVE-2023-32681 - requests - Upgraded to 2.31.0 - Medium - <br /> CVE-2022-25883 - semver - Upgraded to 5.7.2 - High - <br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0111">SVD-2024-0111</a></td><td label="Published" class="advisory-td">2024-01-30</td><td label="Modified" class="advisory-td">2024-01-30</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0111">Sensitive Information Disclosure to Internal Log Files in Splunk Add-on Builder</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-46230">CVE-2023-46230</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L</td><td class="advisory-td" label="CVSS Score">8.2</td><td class="advisory-td" label="CWE">CWE-532</td><td class="advisory-td" label="Bug">ADDON-63640</td><td class="advisory-td" label="Affected Product"> Splunk Add-on Builder -<br /></td><td class="advisory-td" label="Fixed Versions"> 4.1.4<br /></td><td class="advisory-td" label="Affected Versions"> Below 4.1.4<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>4.1.4</span><br /></td><td class="advisory-td" label="Affected Components"> Add-on Builder<br /></td><td class="advisory-td" label="Description">In Splunk Add-on Builder versions below 4.1.4, the app writes sensitive information to internal log files.</td><td class="advisory-td" label="Solution">Upgrade Splunk Add-on Builder to version 4.1.4 or higher, delete the logs, and delete the events.</td><td class="advisory-td" label="Mitigations">N/A</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as a 8.2, High, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Vikram Ashtaputre, Splunk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0110">SVD-2024-0110</a></td><td label="Published" class="advisory-td">2024-01-30</td><td label="Modified" class="advisory-td">2024-01-30</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0110">Session Token Disclosure to Internal Log Files in Splunk Add-on Builder</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-46231">CVE-2023-46231</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">8.8</td><td class="advisory-td" label="CWE">CWE-532</td><td class="advisory-td" label="Bug">ADDON-63902</td><td class="advisory-td" label="Affected Product"> Splunk Add-on Builder -<br /></td><td class="advisory-td" label="Fixed Versions"> 4.1.4<br /></td><td class="advisory-td" label="Affected Versions"> Below 4.1.4<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>4.1.4</span><br /></td><td class="advisory-td" label="Affected Components"> Add-on Builder<br /></td><td class="advisory-td" label="Description">In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on.</td><td class="advisory-td" label="Solution">Upgrade Splunk Add-on Builder to version 4.1.4 or higher, delete the logs, and delete the events.</td><td class="advisory-td" label="Mitigations">N/A</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as a 8.8, High, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Vikram Ashtaputre, Splunk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0109">SVD-2024-0109</a></td><td label="Published" class="advisory-td">2024-01-22</td><td label="Modified" class="advisory-td">2024-01-26</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0109">Third-Party Package Updates in Splunk Enterprise - January 2024</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">N/A</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.0<br /> Splunk Enterprise 9.1<br /></td><td class="advisory-td" label="Fixed Versions"> 9.0.8<br /> 9.1.3<br /></td><td class="advisory-td" label="Affected Versions"> 9.0.0 to 9.0.7<br /> 9.1.0 to 9.1.2<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.0.8</span><br /> <span>9.1.3</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /> -<br /></td><td class="advisory-td" label="Description">Splunk remedied common vulnerabilities and exposures (CVEs) in Third-Party Packages in Splunk Enterprise versions 9.0.8 and 9.1.3, including the following:</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to version 9.0.8, 9.1.3, or higher.</td><td class="advisory-td" label="Mitigations">N/A</td><td class="advisory-td" label="Severity Summary">For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating to align with industry standards.</td><td class="advisory-td" label="OSS"> Multiple* - golang, in Splunk Assist - Upgraded golang from 1.20.7 to 1.20.10 - See vendor - <br /> Multiple* - golang, in mongodump and mongorestore - Upgraded golang from 1.19** to 1.20.10 - See vendor - <br /> CVE-2022-40899 - future, Python 3, in Upgrade Readiness App - Upgraded to 0.18.3 - High - <br /> CVE-2022-40899 - future, Python 2, in Upgrade Readiness App - Upgraded to 0.18.3 - High - <br /> CVE-2023-37920 - certifi - Patched*** - Low - <br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0108">SVD-2024-0108</a></td><td label="Published" class="advisory-td">2024-01-22</td><td label="Modified" class="advisory-td">2024-01-30</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0108">Deserialization of Untrusted Data on Splunk Enterprise for Windows through Path Traversal from Separate Disk Partition</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-23678">CVE-2024-23678</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">7.5</td><td class="advisory-td" label="CWE">CWE-20</td><td class="advisory-td" label="Bug">SPL-240674</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.0<br /> Splunk Enterprise 9.1<br /></td><td class="advisory-td" label="Fixed Versions"> 9.0.8<br /> 9.1.3<br /></td><td class="advisory-td" label="Affected Versions"> 9.0.0 to 9.0.7<br /> 9.1.0 to 9.1.2<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.0.8</span><br /> <span>9.1.3</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability only affects Splunk Enterprise for Windows.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise for Windows to 9.0.8, 9.1.3, or higher.<br><br>This vulnerability does not affect Splunk Cloud Platform.</td><td class="advisory-td" label="Mitigations">If users do not log in to Splunk Web on instances in a distributed environment, disable Splunk Web on those instances. See [Disable unnecessary Splunk Enterprise components](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) and the [web.conf](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf) configuration specification file for more information on disabling Splunk Web. <br></td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability a 7.5, High, with a CVSSv3.1 vector of CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H.<br><br>If you do not run Splunk Enterprise on a Windows machine, then there is no impact and the severity is Informational.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Danylo Dmytriiev (DDV_UA)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0107">SVD-2024-0107</a></td><td label="Published" class="advisory-td">2024-01-22</td><td label="Modified" class="advisory-td">2024-01-22</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0107">Server Response Disclosure in RapidDiag Salesforce.com Log File</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-23677">CVE-2024-23677</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N</td><td class="advisory-td" label="CVSS Score">4.3</td><td class="advisory-td" label="CWE">CWE-532</td><td class="advisory-td" label="Bug">SPL-225757</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.0<br /> Splunk Cloud -<br /></td><td class="advisory-td" label="Fixed Versions"> 9.0.8<br /> 9.0.2208<br /></td><td class="advisory-td" label="Affected Versions"> 9.0.0 to 9.0.7<br /> Versions below 9.0.2208<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.0.8</span><br /> <span>9.0.2208</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses to an external application upload request in a log file. The log files might contain sensitive information.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to 9.0.8 or higher. <br><br>Splunk is actively monitoring and patching Splunk Cloud Platform instances.</td><td class="advisory-td" label="Mitigations">N/A</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability a 4.3, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Vikram Ashtaputre, Splunk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0106">SVD-2024-0106</a></td><td label="Published" class="advisory-td">2024-01-22</td><td label="Modified" class="advisory-td">2024-01-23</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0106">Sensitive Information Disclosure of Index Metrics through “mrollup” SPL Command</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-23676">CVE-2024-23676</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N</td><td class="advisory-td" label="CVSS Score">4.6</td><td class="advisory-td" label="CWE">CWE-20</td><td class="advisory-td" label="Bug">SPL-245947</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.0<br /> Splunk Enterprise 9.1<br /> Splunk Cloud -<br /></td><td class="advisory-td" label="Fixed Versions"> 9.0.8<br /> 9.1.3<br /> 9.1.2308.200<br /></td><td class="advisory-td" label="Affected Versions"> 9.0.0 to 9.0.7<br /> 9.1.0 to 9.1.2<br /> Versions below 9.1.2308.200<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.0.8</span><br /> <span>9.1.3</span><br /> <span>9.1.2308.200</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit. See [Splunk Enterprise Metrics](https://docs.splunk.com/Documentation/Splunk/latest/Metrics/Overview) for information on Metrics.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.0.8, 9.1.3, or higher.<br><br>Splunk is actively monitoring and patching Splunk Cloud Platform instances.</td><td class="advisory-td" label="Mitigations">If users do not log in to Splunk Web in a distributed environment, disable Splunk Web on those instances. See [Disable unnecessary Splunk Enterprise components](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) and the [web.conf](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf) configuration specification file for more information on disabling Splunk Web. <br><br>If users do not need access to metrics indexes, remove authorization to search those indexes. See [About configuring role-based user access](https://docs.splunk.com/Documentation/Splunk/latest/Security/Aboutusersandroles) for information on how to configure role-based user access.</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability a 4.6, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Anton (therceman)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0105">SVD-2024-0105</a></td><td label="Published" class="advisory-td">2024-01-22</td><td label="Modified" class="advisory-td">2024-01-30</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0105">Splunk App Key Value Store (KV Store) Improper Handling of Permissions Leads to KV Store Collection Deletion</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-23675">CVE-2024-23675</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N</td><td class="advisory-td" label="CVSS Score">6.5</td><td class="advisory-td" label="CWE">CWE-284</td><td class="advisory-td" label="Bug">SPL-246067</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.0<br /> Splunk Enterprise 9.1<br /> Splunk Cloud -<br /></td><td class="advisory-td" label="Fixed Versions"> 9.0.8<br /> 9.1.3<br /> 9.1.2312.100<br /></td><td class="advisory-td" label="Affected Versions"> 9.0.0 to 9.0.7<br /> 9.1.0 to 9.1.2<br /> Versions below 9.1.2312.100<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.0.8</span><br /> <span>9.1.3</span><br /> <span>9.1.2312.100</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk REST API<br /> Splunk REST API<br /> Splunk REST API<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to 9.0.8, 9.1.3, or higher.<br><br>Splunk is actively monitoring and patching Splunk Cloud Platform instances.</td><td class="advisory-td" label="Mitigations">Remove the `list_all_objects` capability from users that do not require it. See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities) for more information. If you are not using KV Store, you can disable it. See [Disable the KV store](https://docs.splunk.com/Documentation/Splunk/latest/Admin/AboutKVstore) for more information. Note: removing the list_all_objects capability may significantly impair user functionality.</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability a 6.5, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Julian Kaufmann<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0104">SVD-2024-0104</a></td><td label="Published" class="advisory-td">2024-01-09</td><td label="Modified" class="advisory-td">2024-01-09</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0104">Splunk User Behavior Analytics (UBA) Third-Party Package Updates</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">UBA-16652</td><td class="advisory-td" label="Affected Product"> Splunk User Behavior Analytics (UBA) -<br /> Splunk User Behavior Analytics (UBA) -<br /></td><td class="advisory-td" label="Fixed Versions"> 5.3.0<br /> 5.2.1<br /></td><td class="advisory-td" label="Affected Versions"> Below 5.3.0<br /> Below 5.2.1<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>5.3.0</span><br /> <span>5.2.1</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /> -<br /></td><td class="advisory-td" label="Description">Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk User Behavior Analytics (UBA) versions 5.3.0 and 5.2.1, including the following:</td><td class="advisory-td" label="Solution">Upgrade Splunk User Behavior Analytics (UBA) to version 5.3.0, 5.2.1, or higher.</td><td class="advisory-td" label="Mitigations">N/A</td><td class="advisory-td" label="Severity Summary">For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating to align with industry standards.</td><td class="advisory-td" label="OSS"> CVE-2023-32695 - socket.io-parser - Upgraded to 4.6.2 - High - <br /> CVE-2015-5237 - protobuf - Upgraded to 3.21.12 - High - <br /> CVE-2022-3171 - protobuf - Upgraded to 3.21.12 - High - <br /> CVE-2022-3509 - protobuf - Upgraded to 3.21.12 - High - <br /> CVE-2022-3510 - protobuf - Upgraded to 3.21.12 - High - <br /> CVE-2023-2976 - Guava - Upgraded to 32.0.1 - High - <br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0103">SVD-2024-0103</a></td><td label="Published" class="advisory-td">2024-01-09</td><td label="Modified" class="advisory-td">2024-01-11</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0103">Splunk Enterprise Security (ES) Third-Party Package Updates - January 2024</a></td><td label="Severity" class="advisory-td">Critical</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise Security (ES) 7.3<br /> Splunk Enterprise Security (ES) 7.2<br /> Splunk Enterprise Security (ES) 7.1<br /></td><td class="advisory-td" label="Fixed Versions"> 7.3.0<br /> 7.2.0<br /> 7.1.2<br /></td><td class="advisory-td" label="Affected Versions"> -<br /> -<br /> Below 7.1.2<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>7.3.0</span><br /> <span>7.2.0</span><br /> <span>7.1.2</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /> -<br /> -<br /></td><td class="advisory-td" label="Description">Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Enterprise Security (ES) versions 7.1.2, 7.2.0 and higher, including the following:</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise Security (ES) to version 7.1.2, 7.2.0, 7.3.0 or higher.</td><td class="advisory-td" label="Mitigations">N/A</td><td class="advisory-td" label="Severity Summary">For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating to align with industry standards.</td><td class="advisory-td" label="OSS"> CVE-2023-45133 - babel/traverse - Upgraded to 7.23.2 - High - <br /> CVE-2021-23446 - handsontable - Upgraded to 13.1.0 - High - <br /> CVE-2022-25883 - semver - Upgraded to 6.3.1 - High - <br /> CVE-2022-37599 - loader-utils - Upgraded to 1.4.2 - High - <br /> CVE-2022-37603 - loader-utils - Upgraded to 1.4.2 - High - <br /> CVE-2022-37601 - loader-utils - Upgraded to 1.4.2 - Critical - <br /> CVE-2022-46175 - json5 - Upgraded to 1.0.2 - High - <br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0102">SVD-2024-0102</a></td><td label="Published" class="advisory-td">2024-01-09</td><td label="Modified" class="advisory-td">2024-01-10</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0102">Denial of Service in Splunk Enterprise Security of the Investigations manager through Investigation creation</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-22165">CVE-2024-22165</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</td><td class="advisory-td" label="CVSS Score">6.5</td><td class="advisory-td" label="CWE">CWE-20</td><td class="advisory-td" label="Bug">SOLNESS-35977</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise Security (ES) 7.3<br /> Splunk Enterprise Security (ES) 7.2<br /> Splunk Enterprise Security (ES) 7.1<br /></td><td class="advisory-td" label="Fixed Versions"> 7.3.0<br /> 7.2.0<br /> 7.1.2<br /></td><td class="advisory-td" label="Affected Versions"> -<br /> -<br /> Below 7.1.2<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>7.3.0</span><br /> <span>7.2.0</span><br /> <span>7.1.2</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /> -<br /> -<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.<br>The vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise Security (ES) to version 7.1.2, 7.2.0, 7.3.0 or higher.</td><td class="advisory-td" label="Mitigations">N/A</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability a 6.5, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Eric LaMothe, Splunk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0101">SVD-2024-0101</a></td><td label="Published" class="advisory-td">2024-01-09</td><td label="Modified" class="advisory-td">2024-01-10</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2024-0101">Denial of Service of an Investigation in Splunk Enterprise Security through Investigation attachments</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2024-22164">CVE-2024-22164</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L</td><td class="advisory-td" label="CVSS Score">4.3</td><td class="advisory-td" label="CWE">CWE-400</td><td class="advisory-td" label="Bug">SOLNESS-35980</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise Security (ES) 7.3<br /> Splunk Enterprise Security (ES) 7.2<br /> Splunk Enterprise Security (ES) 7.1<br /></td><td class="advisory-td" label="Fixed Versions"> 7.3.0<br /> 7.2.0<br /> 7.1.2<br /></td><td class="advisory-td" label="Affected Versions"> -<br /> -<br /> Below 7.1.2<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>7.3.0</span><br /> <span>7.2.0</span><br /> <span>7.1.2</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /> -<br /> -<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the investigation. The attachment endpoint does not properly limit the size of the request, which lets an attacker cause the investigation to become inaccessible.<br>The vulnerability requires the authenticated, collaborator access to the Investigation and only affects the availability of an affected Investigation.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise Security (ES) to versions 7.1.2, 7.2.0, 7.3.0 or higher.</td><td class="advisory-td" label="Mitigations">N/A</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability a 4.3, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Vikram Ashtaputre, Splunk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-1107">SVD-2023-1107</a></td><td label="Published" class="advisory-td">2023-11-16</td><td label="Modified" class="advisory-td">2023-12-18</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-1107">November 2023 Splunk Universal Forwarder Third-Party Updates</a></td><td label="Severity" class="advisory-td">Low</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"> Splunk Universal Forwarder 9.0<br /> Splunk Universal Forwarder 9.1<br /></td><td class="advisory-td" label="Fixed Versions"> 9.0.7<br /> 9.1.2<br /></td><td class="advisory-td" label="Affected Versions"> 9.0.0 to 9.0.6<br /> 9.1.0 to 9.1.1<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.0.7</span><br /> <span>9.1.2</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /> -<br /></td><td class="advisory-td" label="Description">Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Universal Forwarder, including the following:</td><td class="advisory-td" label="Solution">For Splunk Universal Forwarder, upgrade versions to 9.0.7 or 9.1.2.</td><td class="advisory-td" label="Mitigations">N/A</td><td class="advisory-td" label="Severity Summary">For the CVEs in this list, Splunk adopted the vendor's severity.</td><td class="advisory-td" label="OSS"> CVE-2023-3817 - openssl - Upgraded to 1.0.2zi - Low - <br /> CVE-2023-3446 - openssl - Upgraded to 1.0.2zi - Low - <br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-1106">SVD-2023-1106</a></td><td label="Published" class="advisory-td">2023-11-16</td><td label="Modified" class="advisory-td">2024-01-11</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-1106">November 2023 Third-Party Package Updates in Splunk Cloud Platform</a></td><td label="Severity" class="advisory-td">Critical</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"> Splunk Cloud -<br /></td><td class="advisory-td" label="Fixed Versions"> 9.1.2308.100<br /></td><td class="advisory-td" label="Affected Versions"> Below 9.1.2308<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.1.2308.100</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /></td><td class="advisory-td" label="Description">Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in version 9.1.2308.100 of Splunk Cloud Platform.</td><td class="advisory-td" label="Solution">Splunk is actively upgrading and monitoring instances of Splunk Cloud Platform.</td><td class="advisory-td" label="Mitigations">N/A</td><td class="advisory-td" label="Severity Summary">For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating to align with industry standards.</td><td class="advisory-td" label="OSS"> CVE-2022-31799 - bottle - Upgraded to 0.12.25 - Critical - <br /> CVE-2023-24329 - python - Upgraded to 3.7.17 - High - <br /> CVE-2023-3817 - openssl - Upgraded to 1.0.2zi - Low - <br /> CVE-2023-3446 - openssl - Upgraded to 1.0.2zi - Low - <br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-1105">SVD-2023-1105</a></td><td label="Published" class="advisory-td">2023-11-16</td><td label="Modified" class="advisory-td">2023-11-16</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-1105">November 2023 Third Party Package updates in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.0<br /> Splunk Enterprise 9.1<br /></td><td class="advisory-td" label="Fixed Versions"> 9.0.7<br /> 9.1.2<br /></td><td class="advisory-td" label="Affected Versions"> 9.0.0 to 9.0.6<br /> 9.1.0 to 9.1.1<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.0.7</span><br /> <span>9.1.2</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Enterprise, including the following:</td><td class="advisory-td" label="Solution">For Splunk Enterprise, upgrade versions to 9.0.7 or 9.1.2.</td><td class="advisory-td" label="Mitigations">N/A</td><td class="advisory-td" label="Severity Summary">Splunk Enterprise does not use bottle and is not impacted by CVE-2022-31799. Otheriwse, for the CVEs in this list, Splunk adopted the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating to align with industry standards.</td><td class="advisory-td" label="OSS"> CVE-2021-22570 - protobuf - Upgraded to 3.15.8 - Medium - <br /> CVE-2022-31799 - bottle - Upgraded to 0.12.25 - Informational - <br /> CVE-2023-24329 - python - Upgraded to 3.7.17 - High - <br /> CVE-2023-3817 - openssl - Upgraded to 1.0.2zi - Low - <br /> CVE-2023-3446 - openssl - Upgraded to 1.0.2zi - Low - <br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-1104">SVD-2023-1104</a></td><td label="Published" class="advisory-td">2023-11-16</td><td label="Modified" class="advisory-td">2023-12-12</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-1104">Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-46214">CVE-2023-46214</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">8.0</td><td class="advisory-td" label="CWE">CWE-91</td><td class="advisory-td" label="Bug">SPL-241695</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.0<br /> Splunk Enterprise 9.1<br /> Splunk Cloud -<br /></td><td class="advisory-td" label="Fixed Versions"> 9.0.7<br /> 9.1.2<br /> 9.1.2308<br /></td><td class="advisory-td" label="Affected Versions"> 9.0.0 to 9.0.6<br /> 9.1.0 to 9.1.1<br /> Versions below 9.1.2308<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.0.7</span><br /> <span>9.1.2</span><br /> <span>9.1.2308</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to either 9.0.7 or 9.1.2. <br><br>Splunk is actively monitoring and patching Splunk Cloud Platform instances.</td><td class="advisory-td" label="Mitigations">If you cannot upgrade, limit the ability of search job requests to accept XML stylesheet language (XSL) as valid input.<br><br>Edit the `web.conf` configuration file and add the following configuration on instances where you want to limit the ability of search job requests to accept XSL:<br><br>`[settings]`<br>`enableSearchJobXslt = false`<br><br>For more information on modifying the web.conf configuration file, see [How to edit a configuration file](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Howtoeditaconfigurationfile) and the [web.conf](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf) configuration specification. For earlier Splunk Enterprise versions, review the web.conf specification for availability of the `enableSearchJobXslt` setting.</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability a 8.0, High, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Alex Hordijk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-1103">SVD-2023-1103</a></td><td label="Published" class="advisory-td">2023-11-16</td><td label="Modified" class="advisory-td">2023-11-20</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-1103">Cross-site Scripting (XSS) on “Show Syntax Highlighted” View in Search Page</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-46213">CVE-2023-46213</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N</td><td class="advisory-td" label="CVSS Score">4.8</td><td class="advisory-td" label="CWE">CWE-79</td><td class="advisory-td" label="Bug">VULN-5768</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.0<br /> Splunk Enterprise 9.1<br /> Splunk Cloud -<br /></td><td class="advisory-td" label="Fixed Versions"> 9.0.7<br /> 9.1.2<br /> 9.1.2308<br /></td><td class="advisory-td" label="Affected Versions"> 9.0.0 to 9.0.6<br /> 9.1.0 to 9.1.1<br /> Versions below 9.1.2308<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.0.7</span><br /> <span>9.1.2</span><br /> <span>9.1.2308</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.0.7 and 9.1.2, the “Show syntax highlighted” feature of the Search page does not effectively escape log file characters.<br><br>This vulnerability lets an attacker craft a log file which can execute unauthorized Javascript code in the browser of a user that interacts with events in the malicious log file in a specific way.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 9.0.7 or 9.1.2. <br><br>Splunk is actively monitoring and patching Splunk Cloud Platform instances.</td><td class="advisory-td" label="Mitigations">If users do not log in to Splunk Web on indexers in a distributed environment, disable Splunk Web on those indexers. See [Disable unnecessary Splunk Enterprise components]([https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents)) and the [web.conf configuration specification]([https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf)) file in the Splunk documentation for more information on disabling Splunk Web.<br>Do not use the “Show syntax highlighted” feature in the Search page on imported log files whose origins you are not familiar with.</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability a 4.8, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N<br>If the Splunk Enterprise instance does not run Splunk Web, it is not affected and this vulnerability can be considered Informational.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Joshua Neubecker<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-1102">SVD-2023-1102</a></td><td label="Published" class="advisory-td">2023-11-16</td><td label="Modified" class="advisory-td">2023-11-16</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-1102">Third Party Package Update in Splunk Add-on for Google Cloud Platform</a></td><td label="Severity" class="advisory-td">Critical</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"> Splunk Add-on for Google Cloud Platform -<br /></td><td class="advisory-td" label="Fixed Versions"> 4.3.0<br /></td><td class="advisory-td" label="Affected Versions"> Below 4.3.0<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>4.3.0</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /></td><td class="advisory-td" label="Description">Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in version 4.3.0 of Splunk Add-on for Google Cloud Platform.</td><td class="advisory-td" label="Solution">For Splunk Add-on for Google Cloud Platform, upgrade versions to 4.3.0 or higher.</td><td class="advisory-td" label="Mitigations">N/A</td><td class="advisory-td" label="Severity Summary">For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating to align with industry standards.</td><td class="advisory-td" label="OSS"> CVE-2023-37920 - certifi - Upgraded to 2023.7.22 - Critical - <br /> CVE-2023-45803 - urllib3 - Upgraded to 1.26.18 - Medium - <br /> CVE-2023-43804 - urllib3 - Upgraded to 1.26.18 - High - <br /> CVE-2023-44270 - postcss - Upgraded to 8.4.31 - Medium - <br /> CVE-2022-25883 - semver - Upgraded to 6.3.1 and 7.5.4 - High - <br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-1101">SVD-2023-1101</a></td><td label="Published" class="advisory-td">2023-11-16</td><td label="Modified" class="advisory-td">2023-11-16</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-1101">Third Party Package Update in Splunk Add-on for Amazon Web Services</a></td><td label="Severity" class="advisory-td">Critical</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"> Splunk Add-on for Amazon Web Services -<br /></td><td class="advisory-td" label="Fixed Versions"> 7.2.0<br /></td><td class="advisory-td" label="Affected Versions"> Below 7.2.0<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>7.2.0</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /></td><td class="advisory-td" label="Description">Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in version 7.2.0 of Splunk Add-on for Amazon Web Services, including the following:</td><td class="advisory-td" label="Solution">Upgrade the Splunk Add-on for Amazon Web Services to version 7.2.0 or higher.</td><td class="advisory-td" label="Mitigations">N/A</td><td class="advisory-td" label="Severity Summary">For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating to align with industry standards.</td><td class="advisory-td" label="OSS"> CVE-2023-37920 - certifi - Upgraded to 2023.7.22 - Critical - <br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-1001">SVD-2023-1001</a></td><td label="Published" class="advisory-td">2023-10-06</td><td label="Modified" class="advisory-td">2023-10-06</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-1001">Splunk Statement on CVE-2023-4863 libwebp Vulnerability</a></td><td label="Severity" class="advisory-td">Informational</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description">In early September 2023, Google disclosed a High-rated vulnerability, CVE-2023-4863, that affects Google Chrome and the libwebp library, which is part of the WebP image codec. Splunk has determined that CVE-2023-4863 does not affect Splunk products. If you have a product in your environment that CVE-2023-4863 does affect, upgrade the product per the recommendations from the product vendor.</td><td class="advisory-td" label="Solution">None. CVE-2023-4863 does _not_ affect Splunk products.</td><td class="advisory-td" label="Mitigations">None</td><td class="advisory-td" label="Severity Summary">Informational</td><td class="advisory-td" label="OSS"> CVE-2023-4863 - libwebp - Not affected - Informational - <br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0811">SVD-2023-0811</a></td><td label="Published" class="advisory-td">2023-08-30</td><td label="Modified" class="advisory-td">2023-08-30</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0811">Third Party Package Updates in IT Service Intelligence (ITSI)</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"> Splunk ITSI 4.15<br /> Splunk ITSI 4.13<br /></td><td class="advisory-td" label="Fixed Versions"> 4.15.3<br /> 4.13.3<br /></td><td class="advisory-td" label="Affected Versions"> 4.15.0 to 4.15.2<br /> 4.13.0 to 4.13.2<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>4.15.3</span><br /> <span>4.13.3</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /> -<br /></td><td class="advisory-td" label="Description">Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk IT Service Intelligence (ITSI), including the following:</td><td class="advisory-td" label="Solution">For Splunk IT Service Intelligence (ITSI), upgrade versions to 4.13.3 or 4.15.3</td><td class="advisory-td" label="Mitigations">N/A</td><td class="advisory-td" label="Severity Summary">For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating to align with industry standards.</td><td class="advisory-td" label="OSS"> CVE-2023-2976 - guava - Upgraded to 32.0.0 - High - <br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0810">SVD-2023-0810</a></td><td label="Published" class="advisory-td">2023-08-30</td><td label="Modified" class="advisory-td">2023-09-29</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0810">Unauthenticated Log Injection in Splunk IT Service Intelligence (ITSI)</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-4571">CVE-2023-4571</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">8.6</td><td class="advisory-td" label="CWE">CWE-117</td><td class="advisory-td" label="Bug">ITSI-31707</td><td class="advisory-td" label="Affected Product"> Splunk ITSI 4.13<br /> Splunk ITSI 4.15<br /> Splunk ITSI 4.17<br /></td><td class="advisory-td" label="Fixed Versions"> 4.13.3<br /> 4.15.3<br /> 4.17.1<br /></td><td class="advisory-td" label="Affected Versions"> 4.13.0 to 4.13.2<br /> 4.15.0 to 4.15.2<br /> 4.17.0<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>4.13.3</span><br /> <span>4.15.3</span><br /> <span>4.17.1</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /> -<br /> -<br /></td><td class="advisory-td" label="Description">In Splunk IT Service Intelligence (ITSI) versions below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additional user interaction to succeed.</td><td class="advisory-td" label="Solution">For Splunk ITSI, upgrade to version 4.13.3, 4.15.3, or 4.17.1. Upgrading or mitigating the issue prevents future log injections. However, logs that were generated prior to an upgrade might be at risk. Where applicable, remove existing Splunk ITSI log files in either $SPLUNK_HOME/var/log/splunk/ or $SPLUNK_HOME/var/run/splunk/dispatch/<session_id>/itsi_search.log. On Windows ITSI instances, the log files are in %SPLUNK_HOME%\var\log\splunk and %SPLUNK_HOME%\var\run\splunk\dispatch\<session_id>\itsi_search.log.</td><td class="advisory-td" label="Mitigations">As a partial mitigation, users can protect themselves from log injections via ANSI escape characters by disabling the ability to process ANSI escape codes in terminal applications or using a terminal application that supports the filtering of ANSI codes.</td><td class="advisory-td" label="Severity Summary">Splunk rates the vulnerability as High, 8.6, with a CVSS Vector of CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H. **Attack Vector:** The attack initially occurs at the network layer through an HTTP web request from the attacker to the vulnerable Splunk ITSI instance. However, this initial attack vector does not align with the CVSS metrics for “Attack Vector.” In most vulnerabilities that Splunk rates, the vector would align with those metrics, but the CVSS specification provides two qualifications for the “Local” metric. Specifically, the second qualification states the following: * the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document).” The attack mirrors this example, requiring the user to open a malicious document, for example, the injected log file. Because of this, Splunk rated the Attack Vector as “Local” per the CVSS v3.1 Specification Document. **Attack Complexity:** The vulnerability does not require additional preparation from the attacker, and there are no extenuating circumstances for exploiting the vulnerability. **Privileges Required:** The vulnerability does not require attacker privileges and occurs through an unauthenticated request to the Splunk ITSI instance. **User Interaction:** The vulnerability requires users to open or read the malicious document, file, or log for successful execution. **Scope:** The vulnerability does not affect Splunk ITSI directly, only indirectly through the authorized permissions in the user’s terminal. The vulnerability directly affects the user’s terminal, which falls outside of Splunk’s security authority. As such, the vulnerability qualifies for a Change in Scope. **Confidentiality/Integrity/Availability:** The vulnerability allows for the potential for remote code execution within the context of a user’s terminal. Because of this, out of an abundance of caution, Splunk rated the impact on the user’s terminal as High for all three vectors. The indirect impact on Splunk ITSI might vary significantly depending on how the user configured permissions in their terminal application.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> STÖK / Fredrik Alexandersson<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0809">SVD-2023-0809</a></td><td label="Published" class="advisory-td">2023-08-30</td><td label="Modified" class="advisory-td">2023-08-30</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0809">August Third Party Package Updates in Splunk Universal Forwarder</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"> Universal Forwarder 8.2<br /> Universal Forwarder 9.0<br /> Universal Forwarder 9.1<br /></td><td class="advisory-td" label="Fixed Versions"> 8.2.12<br /> 9.0.6<br /> 9.1.1<br /></td><td class="advisory-td" label="Affected Versions"> 8.2.0 to 8.2.11<br /> 9.0.0 to 9.0.5<br /> 9.1.0<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.2.12</span><br /> <span>9.0.6</span><br /> <span>9.1.1</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /> -<br /> -<br /></td><td class="advisory-td" label="Description">Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Universal Forwarder, including the following:</td><td class="advisory-td" label="Solution">For Splunk Universal Forwarder, upgrade versions to 8.2.12, 9.0.6, or 9.1.1</td><td class="advisory-td" label="Mitigations">N/A</td><td class="advisory-td" label="Severity Summary">For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating to align with industry standards.</td><td class="advisory-td" label="OSS"> CVE-2021-30560 - libxslt - Patched - High - <br /> CVE-2021-30560 - libxslt - Patched - High - <br /> CVE-2023-27538 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2023-27537 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2023-27536 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2023-27535 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2023-27534 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2023-27533 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2023-23916 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2023-23915 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2023-23914 - curl - Upgraded to 8.0.1 - Critical - <br /> CVE-2022-43552 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2022-43551 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2022-42916 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2022-42915 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2022-35260 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2022-32221 - curl - Upgraded to 8.0.1 - Critical - <br /> CVE-2022-35252 - curl - Upgraded to 8.0.1 - Low - <br /> CVE-2022-32208 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2022-32207 - curl - Upgraded to 8.0.1 - Critical - <br /> CVE-2022-32206 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2022-32205 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2022-30115 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2022-27782 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2022-27781 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2022-27780 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2022-27779 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2022-27778 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2022-27776 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2022-27775 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2022-27774 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2022-22576 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2021-22947 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2021-22946 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2021-22945 - curl - Upgraded to 8.0.1 - Critical - <br /> CVE-2021-22926 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2021-22925 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2021-22924 - curl - Upgraded to 8.0.1 - Low - <br /> CVE-2021-22923 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2021-22922 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2021-22901 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2021-22898 - curl - Upgraded to 8.0.1 - Low - <br /> CVE-2021-22897 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2021-22890 - curl - Upgraded to 8.0.1 - Low - <br /> CVE-2021-22876 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2020-8286 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2020-8285 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2020-8284 - curl - Upgraded to 8.0.1 - Low - <br /> CVE-2020-8231 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2020-8177 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2020-8169 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2022-36227 - libarchive - Upgraded to 3.6.2 - Critical - <br /> CVE-2021-31566 - libarchive - Upgraded to 3.6.2 - High - <br /> CVE-2021-36976 - libarchive - Upgraded to 3.6.2 - Medium - <br /> CVE-2021-3520 - lz4 - Upgraded to. 1.9.4 - Critical - <br /> CVE-2020-14155 - pcre2 - Upgraded to 10.40 - Medium - <br /> CVE-2019-20454 - pcre2 - Upgraded to 10.40 - High - <br /> CVE-2019-20838 - pcre2 - Upgraded to 10.40 - High - <br /> CVE-2020-14155 - pcre2 - Upgraded to 10.40 - Medium - <br /> CVE-2019-20454 - pcre2 - Upgraded to 10.40 - High - <br /> CVE-2019-20838 - pcre2 - Upgraded to 10.40 - High - <br /> CVE-2022-35737 - sqlite - Upgraded to 3.41.2 - High - <br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0808">SVD-2023-0808</a></td><td label="Published" class="advisory-td">2023-08-30</td><td label="Modified" class="advisory-td">2024-02-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0808">August 2023 Third Party Package Updates in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Enterprise 9.1<br /></td><td class="advisory-td" label="Fixed Versions"> 8.2.12<br /> 9.0.6<br /> 9.1.1<br /></td><td class="advisory-td" label="Affected Versions"> 8.2.0 to 8.2.11<br /> 9.0.0 to 9.0.5<br /> 9.1.0<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.2.12</span><br /> <span>9.0.6</span><br /> <span>9.1.1</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /> -<br /> -<br /></td><td class="advisory-td" label="Description">Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Enterprise, including the following:</td><td class="advisory-td" label="Solution">For Splunk Enterprise, upgrade versions to 8.2.12, 9.0.6, or 9.1.1</td><td class="advisory-td" label="Mitigations">N/A</td><td class="advisory-td" label="Severity Summary">For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating to align with industry standards.</td><td class="advisory-td" label="OSS"> CVE-2022-38900 - decode-uri-component - Upgraded to 6.0.0 - High - <br /> CVE-2022-33987 - got - Upgraded to 12.5.3 - Medium - <br /> CVE-2022-37601 - loader-utils - Upgraded to 1.4.2 - Critical - <br /> CVE-2021-23382 - postcss - Upgraded to 7.0.37 - High - <br /> CVE-2021-29060 - color-string - Upgraded to 1.5.5 - Medium - <br /> CVE-2022-38900 - decode-uri-component - Upgraded to 0.2.1 - High - <br /> CVE-2020-28469 - glob-parent - Upgraded to 5.1.2 - High - <br /> CVE-2022-37599 - loader-utils - Upgraded to 2.0.4 - High - <br /> CVE-2022-37601 - loader-utils - Upgraded to 2.0.4 - Critical - <br /> CVE-2022-37603 - loader-utils - Upgraded to 2.0.4 - High - <br /> CVE-2022-3517 - minimatch - Upgraded to 3.0.5 - High - <br /> CVE-2022-31129 - moment - Upgraded to 2.29.4 - High - <br /> CVE-2021-3803 - nth-check - Upgraded to 2.0.1 - High - <br /> CVE-2021-23343 - path-parse - Upgraded to 1.0.7 - High - <br /> CVE-2022-24999 - qs - Upgraded to 6.5.3 - High - <br /> CVE-2022-25881 - http-cache-semantics - Upgraded to 4.1.1 - High - <br /> CVE-2022-42003 - jackson-databind - Upgraded to 2.13.5 - High - <br /> CVE-2022-42004 - jackson-databind - Upgraded to 2.13.5 - High - <br /> CVE-2021-41182 - jquery-ui - Upgraded to 1.13.2 - Medium - <br /> CVE-2021-41183 - jquery-ui - Upgraded to 1.13.2 - Medium - <br /> CVE-2021-41184 - jquery-ui - Upgraded to 1.13.2 - Medium - <br /> CVE-2022-46175 - json5 - Upgraded to 1.0.2 - High - <br /> CVE-2022-36227 - libarchive - Upgraded to 3.6.2 - Critical - <br /> CVE-2021-31566 - libarchive - Upgraded to 3.6.2 - High - <br /> CVE-2021-36976 - libarchive - Upgraded to 3.6.2 - Medium - <br /> CVE-2021-3520 - lz4 - Upgraded to. 1.9.4 - Critical - <br /> CVE-2020-14155 - pcre2 - Upgraded to 10.40 - Medium - <br /> CVE-2019-20454 - pcre2 - Upgraded to 10.40 - High - <br /> CVE-2019-20838 - pcre2 - Upgraded to 10.40 - High - <br /> CVE-2022-35737 - sqlite - Upgraded to 3.41.2 - High - <br /> CVE-2022-23491 - certifi - Patched* - High - <br /> CVE-2022-23491 - certifi - Upgraded to 2023.5.7** - High - <br /> Multiple - curl - Upgraded to 8.0.1*** - High - <br /> Multiple - go - Updated golang in mongotools**** - Critical - <br /> CVE-2021-30560 - libxslt - Patched***** - High - <br /> CVE-2022-2309 - lxml - Patched****** - High - <br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0807">SVD-2023-0807</a></td><td label="Published" class="advisory-td">2023-08-30</td><td label="Modified" class="advisory-td">2023-10-18</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0807">Command Injection in Splunk Enterprise Using External Lookups</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-40598">CVE-2023-40598</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">8.5</td><td class="advisory-td" label="CWE">CWE-77</td><td class="advisory-td" label="Bug">SPL-230071</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Enterprise 9.1<br /> Splunk Cloud -<br /></td><td class="advisory-td" label="Fixed Versions"> 8.2.12<br /> 9.0.6<br /> 9.1.1<br /> 9.0.2305.200<br /></td><td class="advisory-td" label="Affected Versions"> 8.2.0 to 8.2.11<br /> 9.0.0 to 9.0.5<br /> 9.1.0<br /> 9.0.2305.100 and below<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.2.12</span><br /> <span>9.0.6</span><br /> <span>9.1.1</span><br /> <span>9.0.2305.200</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform Instance.<br><br>The vulnerability revolves around the currently-deprecated `runshellscript` command that scripted alert actions use. This command, along with external command lookups, lets an attacker use this vulnerability to inject and execute commands within a privileged context from the Splunk platform instance.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to either 8.2.12, 9.0.6, or 9.1.1. <br><br>Splunk is actively upgrading and monitoring Splunk Cloud deployments.</td><td class="advisory-td" label="Mitigations">If users do not log in to Splunk Web on indexers in a distributed environment, disable Splunk Web on those indexers. See [Disable unnecessary Splunk Enterprise components](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) and the [web.conf configuration specification](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf) file in the Splunk documentation for more information on disabling Splunk Web.</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability 8.5, High, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Danylo Dmytriiev (DDV_UA)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0806">SVD-2023-0806</a></td><td label="Published" class="advisory-td">2023-08-30</td><td label="Modified" class="advisory-td">2023-10-18</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0806">Absolute Path Traversal in Splunk Enterprise Using runshellscript.py</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-40597">CVE-2023-40597</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">7.8</td><td class="advisory-td" label="CWE">CWE-36</td><td class="advisory-td" label="Bug">VULN-5304</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Enterprise 9.1<br /> Splunk Cloud -<br /></td><td class="advisory-td" label="Fixed Versions"> 8.2.12<br /> 9.0.6<br /> 9.1.1<br /> 9.0.2305.200<br /></td><td class="advisory-td" label="Affected Versions"> 8.2.0 to 8.2.11<br /> 9.0.0 to 9.0.5<br /> 9.1.0<br /> 9.0.2305.100 and below<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.2.12</span><br /> <span>9.0.6</span><br /> <span>9.1.1</span><br /> <span>9.0.2305.200</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.<br><br>The runshellscript.py script does not perform adequate user validation. This lets an attacker use the runshellscript.py script to run a script in the root directory of another disk on the machine.<br><br>The exploit requires the attacker to have write access to the drive on which they place the exploit script.<br>This vulnerability only affects Splunk Enterprise Instances that run on Windows.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to 8.2.12, 9.0.6, or 9.1.1. <br><br>This vulnerability does not affect Splunk Cloud Platform instances.</td><td class="advisory-td" label="Mitigations">No mitigations</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability a 7.8, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H. <br><br>This vulnerability only affects Splunk Enterprise Instances that run on Windows machines. If your Splunk platform instance does not run on Windows, it is not affected and this vulnerability is considered informational.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Danylo Dmytriiev (DDV_UA)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0805">SVD-2023-0805</a></td><td label="Published" class="advisory-td">2023-08-30</td><td label="Modified" class="advisory-td">2023-08-30</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0805">Splunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definition Reference in DLL</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-40596">CVE-2023-40596</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">7.0</td><td class="advisory-td" label="CWE">CWE-665</td><td class="advisory-td" label="Bug">VULN-4474</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Enterprise 9.1<br /></td><td class="advisory-td" label="Fixed Versions"> 8.2.12<br /> 9.0.6<br /> 9.1.1<br /></td><td class="advisory-td" label="Affected Versions"> 8.2.0 to 8.2.11<br /> 9.0.0 to 9.0.5<br /> 9.1.0<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.2.12</span><br /> <span>9.0.6</span><br /> <span>9.1.1</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine. As part of creating the DLL files within a Splunk Enterprise installation, the build system specifies internal build definition references. If a reference for a build definition is not provided, the build system uses the local directory on the build system when it builds the DLL files. The OPENSSLDIR definition reference was not explicitly provided at build time, which resulted in an insecure path for the OPENSSLDIR definition being encoded into the affected DLL file. An attacker could determine this directory and subsequently create the directory structure locally on the Splunk Enterprise instance, then install malicious code within this directory structure to escalate their privileges on the Windows machine that runs the instance.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 8.2.12, 9.0.6, or 9.1.1. This vulnerability does not affect Splunk Cloud Platform.</td><td class="advisory-td" label="Mitigations">Restrict the permissions of the user that runs the splunkd process to core functionality. For more information, please review [Harden Your Windows Installation](https://docs.splunk.com/Documentation/Splunk/latest/Security/HardenyourWindowsinstallation).</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as 7.0, High, with a CVSSv3.1 vector of CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. If you do not run Splunk Enterprise on a Windows machine, then there is no impact and the severity is Informational.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Will Dormann, Vul Labs<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0804">SVD-2023-0804</a></td><td label="Published" class="advisory-td">2023-08-30</td><td label="Modified" class="advisory-td">2023-10-18</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0804">Remote Code Execution via Serialized Session Payload</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-40595">CVE-2023-40595</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">8.8</td><td class="advisory-td" label="CWE">CWE-502</td><td class="advisory-td" label="Bug">PRODSECOPS-25334</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Enterprise 9.1<br /> Splunk Cloud -<br /></td><td class="advisory-td" label="Fixed Versions"> 8.2.12<br /> 9.0.6<br /> 9.1.1<br /> 9.0.2305.200<br /></td><td class="advisory-td" label="Affected Versions"> 8.2.0 to 8.2.11<br /> 9.0.0 to 9.0.5<br /> 9.1.0<br /> 9.0.2305.100 and below<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.2.12</span><br /> <span>9.0.6</span><br /> <span>9.1.1</span><br /> <span>9.0.2305.200</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code.<br><br>The exploit requires the use of the `collect` SPL command which writes a file within the Splunk Enterprise installation. The attacker can then use this file to submit a serialized payload that can result in execution of code within the payload.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 8.2.12, 9.0.6, or 9.1.1. <br><br>For Splunk Cloud Platform, Splunk is actively monitoring and patching affected instances.</td><td class="advisory-td" label="Mitigations">If users do not log in to Splunk Web on indexers in a distributed environment, disable Splunk Web on those indexers. See [Disable unnecessary Splunk Enterprise components](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) and the [web.conf configuration specification](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf) file in the Splunk documentation for more information on disabling Splunk Web.</td><td class="advisory-td" label="Severity Summary">Splunk rated the vulnerability as High, 8.8, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.<br><br>If the Splunk Enterprise instance does not run Splunk Web, there is no impact and the severity is Informational.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Danylo Dmytriiev (DDV_UA)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0803">SVD-2023-0803</a></td><td label="Published" class="advisory-td">2023-08-30</td><td label="Modified" class="advisory-td">2023-10-18</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0803">Denial of Service (DoS) via the ‘printf’ Search Function</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-40594">CVE-2023-40594</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H</td><td class="advisory-td" label="CVSS Score">6.5</td><td class="advisory-td" label="CWE">CWE-400</td><td class="advisory-td" label="Bug">SPL-235294</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Enterprise 9.1<br /> Splunk Cloud -<br /></td><td class="advisory-td" label="Fixed Versions"> 8.2.12<br /> 9.0.6<br /> 9.1.1<br /> 9.0.2303.100<br /></td><td class="advisory-td" label="Affected Versions"> 8.2.0 to 8.2.11<br /> 9.0.0 to 9.0.5<br /> 9.1.0<br /> 9.0.2209 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.2.12</span><br /> <span>9.0.6</span><br /> <span>9.1.1</span><br /> <span>9.0.2303.100</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the ‘printf’ SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance through a crash of the Splunk daemon.<br><br>The `printf` function does not properly validate expressions in certain cases in combination with commands like `fieldformat` that occur earlier in the search pipeline. This failure to validate results in a crash of the Splunk daemon and the subsequent DoS.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 8.2.12, 9.0.6, or 9.1.1. <br><br>Splunk is actively monitoring and patching Splunk Cloud Platform instances.</td><td class="advisory-td" label="Mitigations">If users do not log in to Splunk Web on indexers in a distributed environment, disable Splunk Web on those indexers. See [Disable unnecessary Splunk Enterprise components](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) and the [web.conf configuration specification](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf) file in the Splunk documentation for more information on disabling Splunk Web.</td><td class="advisory-td" label="Severity Summary">Splunk has rated this vulnerability as 6.5, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Danylo Dmytriiev (DDV_UA)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0802">SVD-2023-0802</a></td><td label="Published" class="advisory-td">2023-08-30</td><td label="Modified" class="advisory-td">2023-10-18</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0802">Denial of Service (DoS) in Splunk Enterprise Using a Malformed SAML Request</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-40593">CVE-2023-40593</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H</td><td class="advisory-td" label="CVSS Score">6.3</td><td class="advisory-td" label="CWE">CWE-400</td><td class="advisory-td" label="Bug">SPL-219455</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud -<br /></td><td class="advisory-td" label="Fixed Versions"> 8.2.12<br /> 9.0.6<br /> 9.0.2205<br /></td><td class="advisory-td" label="Affected Versions"> 8.2.0 to 8.2.11<br /> 9.0.0 to 9.0.5<br /> 8.2.2203<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.2.12</span><br /> <span>9.0.6</span><br /> <span>9.0.2205</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions lower than 9.0.6, and 8.2.12, an attacker can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon.<br><br>The SAML extensible markup language (XML) parser does not fail SAML signature validation when the attacker modifies the URI in the SAML request. Instead it attempts to access the modified URI, which causes the Splunk daemon to crash or hang.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 8.2.12 and 9.0.6. This vulnerability does not affect Splunk Enterprise versions 9.1.0 and higher.<br><br>Splunk is actively monitoring and patching Splunk Cloud Platform instances.</td><td class="advisory-td" label="Mitigations">Disable single sign-on using SAML as an authentication scheme (SAML SSO). For more information on this type of configuration, see [Configure single sign-on with SAML](https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/HowSAMLSSOworks) in the Splunk documentation.</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as 6.3, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H. <br><br>If your Splunk Enterprise Instance does not use SAML as an authentication scheme for SSO, it is not affected and this vulnerability can be considered informational.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Aaron Devaney (Dodekeract)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0801">SVD-2023-0801</a></td><td label="Published" class="advisory-td">2023-08-30</td><td label="Modified" class="advisory-td">2023-10-18</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0801">Reflected Cross-site Scripting (XSS) on "/app/search/table" web endpoint</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-40592">CVE-2023-40592</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">8.4</td><td class="advisory-td" label="CWE">CWE-79</td><td class="advisory-td" label="Bug">VULN-5287</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Enterprise 9.1<br /> Splunk Cloud -<br /></td><td class="advisory-td" label="Fixed Versions"> 8.2.12<br /> 9.0.6<br /> 9.1.1<br /> 9.0.2305.200 <br /></td><td class="advisory-td" label="Affected Versions"> 8.2.0 to 8.2.11<br /> 9.0.0 to 9.0.5<br /> 9.1.0<br /> 9.0.2305.100 and below<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.2.12</span><br /> <span>9.0.6</span><br /> <span>9.1.1</span><br /> <span>9.0.2305.200 </span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint, which presents as the “Create Table View” page in Splunk Web. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance.<br><br>A JavaScript file within this web endpoint does not properly validate input which lets an attacker insert a payload into a function.</td><td class="advisory-td" label="Solution">Upgrade Splunk Enterprise to versions 8.2.12, 9.0.6, or 9.1.1.<br><br>Splunk is actively monitoring and patching Splunk Cloud Platform instances.</td><td class="advisory-td" label="Mitigations">If users do not log in to Splunk Web on indexers in a distributed environment, disable Splunk Web on those indexers. See [Disable unnecessary Splunk Enterprise components](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) and the [web.conf configuration specification](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf) file in the Splunk documentation for more information on disabling Splunk Web.</td><td class="advisory-td" label="Severity Summary">Splunk rated this vulnerability as 8.4, High, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Danylo Dmytriiev (DDV_UA)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0702">SVD-2023-0702</a></td><td label="Published" class="advisory-td">2023-07-31</td><td label="Modified" class="advisory-td">2023-10-18</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0702">Unauthenticated Log Injection In Splunk SOAR</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-3997">CVE-2023-3997</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">8.6</td><td class="advisory-td" label="CWE">CWE-117</td><td class="advisory-td" label="Bug">SPL-241869</td><td class="advisory-td" label="Affected Product"> Splunk SOAR (On-premises) <br /> Splunk SOAR (Cloud) <br /></td><td class="advisory-td" label="Fixed Versions"> 6.1.0<br /> 6.1.0<br /></td><td class="advisory-td" label="Affected Versions"> 6.0.2 and lower<br /> 6.0.2 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>6.1.0</span><br /> <span>6.1.0</span><br /></td><td class="advisory-td" label="Affected Components"> SOAR<br /> SOAR<br /></td><td class="advisory-td" label="Description">In Splunk SOAR versions lower than 6.1.0, a maliciously crafted request to web endpoint through Splunk SOAR can inject ANSI (American National Standards Institute) escape codes into Splunk log files that, when a vulnerable terminal application reads them, can potentially result in malicious code execution in the vulnerable application. This attack requires a Splunk SOAR user to use a terminal application that supports the translation of ANSI escape codes to read the malicious log file locally in the vulnerable application. The attack further requires the terminal user to execute the code. This vulnerability does not directly affect Splunk SOAR, only indirectly through the permissions in the user’s terminal. The indirect impact on Splunk SOAR can vary significantly depending on the permissions in the vulnerable terminal application and where and how the terminal user reads the malicious log file. For example, a terminal user can unknowingly copy the malicious file from the Splunk SOAR instance and read it on their local machine. In this case, that local machine would be affected.</td><td class="advisory-td" label="Solution">Splunk SOAR (On-premises): Upgrade to version 6.1.0. Splunk SOAR (Cloud): No action is required. Splunk is actively patching and monitoring the Splunk SOAR (Cloud) instances.</td><td class="advisory-td" label="Mitigations">If it is not currently practical to upgrade to Splunk SOAR version 6.1.0, you can partially mitigate the risk. As a partial, general mitigation, you can protect Splunk SOAR users from log injections via ANSI escape characters by disabling the ability to process ANSI escape codes in terminal applications or by using a terminal application that supports the filtering of ANSI codes.</td><td class="advisory-td" label="Severity Summary">Splunk rates this vulnerability as High, 8.6, with a CVSS vector of CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H. **Attack Vector:** The attack initially occurs at the network layer through an HTTP web request from the attacker to the vulnerable Splunk SOAR instance. However, this initial attack vector does not align with the CVSS metrics for “Attack Vector”. In most vulnerabilities that Splunk rates, the vector would align with CVSS metrics, but the CVSS specification provides two qualifications for the “Local” metric. Specifically, the second qualification states the following: *“The attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document).”* The attack mirrors this qualification, requiring another user to open a malicious document, for example, the injected log file. Because of this, Splunk rated this Attack Vector as “Local” per the CVSS v3.1 Specification Document. **Attack Complexity:** This vulnerability requires no additional preparation from the attacker, and there are no extenuating circumstances for exploiting this vulnerability. **Privileges Required:** This vulnerability does not require additional privileges and occurs through an unauthenticated web request to Splunk SOAR. **User Interaction:** This vulnerability requires users to open or read the malicious document, file, or log for successful execution. **Scope:** This vulnerability does not affect Splunk SOAR directly, only indirectly through the authorized permissions in the user’s terminal. This vulnerability directly affects the user’s terminal, which falls outside of Splunk’s security authority. As such, this vulnerability qualifies for a Change in Scope, as defined by the CVSS standard. **Confidentiality/Integrity/Availability:** This vulnerability enables potential remote code execution within the context of a user’s terminal. Because of this, out of an abundance of caution, Splunk rated the impact on the user’s terminal as High for Confidentiality, Integrity and Availability. The indirect impact on Splunk SOAR might vary significantly depending on how the terminal user configured permissions in their terminal application.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> STÖK / Fredrik Alexandersson<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0701">SVD-2023-0701</a></td><td label="Published" class="advisory-td">2023-07-17</td><td label="Modified" class="advisory-td">2023-07-17</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0701">Splunk SOAR Cryptography Python Package Upgrade Incompatibility</a></td><td label="Severity" class="advisory-td">Informational</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"> Splunk SOAR (On-premises) 6.1<br /> Splunk SOAR (Cloud) 6.1<br /></td><td class="advisory-td" label="Fixed Versions"> 6.1.1<br /> 6.1.1<br /></td><td class="advisory-td" label="Affected Versions"> 6.1.1 and above<br /> 6.1.1 and above<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>6.1.1</span><br /> <span>6.1.1</span><br /></td><td class="advisory-td" label="Affected Components"> Custom Apps<br /> Custom Apps<br /></td><td class="advisory-td" label="Description">In Splunk Security Orchestration, Automation and Response (SOAR) version 6.1.1, Splunk upgraded the Python cryptography library within the app to version 41.0.1. This version of the cryptography library may cause Python module import problems during execution, if a specific version of the library is used for a custom app. The problem occurs when the cryptography library that you specify as a dependency for your custom app is a version that is lower than or equal to version 39.0.1.</td><td class="advisory-td" label="Solution">To address the incompatibility, specify a version of the library package on your custom app dependency to a version that is higher than 39.0.1. For more information on how to create a custom app using the SOAR App Wizard, see [Create an app with the App Wizard](https://docs.splunk.com/Documentation/SOAR/current/DevelopApps/CreateAnAppWithTheAppEditor) in the Splunk SOAR documentation.</td><td class="advisory-td" label="Mitigations">N/A</td><td class="advisory-td" label="Severity Summary">N/A</td><td class="advisory-td" label="OSS"> CVE-2023-23931 - Cryptography, Python - Upgraded to 41.0.1 - Medium - <br /> CVE-2023-0286 - Cryptography, Python - Upgraded to 41.0.1 - High - <br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0615">SVD-2023-0615</a></td><td label="Published" class="advisory-td">2023-06-01</td><td label="Modified" class="advisory-td">2023-06-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0615">June Third Party Package Updates in Splunk Cloud</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"> Splunk Cloud <br /></td><td class="advisory-td" label="Fixed Versions"> 9.0.2303.100<br /></td><td class="advisory-td" label="Affected Versions"> 9.0.2303 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.0.2303.100</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /></td><td class="advisory-td" label="Description">Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Cloud, including the following:</td><td class="advisory-td" label="Solution">For Splunk Cloud Platform, Splunk is actively patching and monitoring the Splunk Cloud instances.</td><td class="advisory-td" label="Mitigations">N/A</td><td class="advisory-td" label="Severity Summary">For the CVEs listed above, Splunk adopted the national vulnerability database (NVD) CVSS rating to align with industry standards.</td><td class="advisory-td" label="OSS"> CVE-2022-40303 - libxml2 - Patched - High - <br /> CVE-2022-40304 - libxml2 - Patched - High - <br /> CVE-2022-23491 - certifi - Upgraded to 2022.12.7 - High - <br /> CVE-2022-43680 - python3 - Upgraded to 3.7.16 - High - <br /> CVE-2023-0286 - OpenSSL 1.0.2 - Upgraded to 1.0.2zg - High - <br /> CVE-2023-0215 - OpenSSL 1.0.2 - Upgraded to 1.0.2zg - High - <br /> CVE-2022-4304 - OpenSSL 1.0.2 - Upgraded to 1.0.2zg - Medium - <br /> CVE-2022-33987 - got - Upgraded to 12.5.3 - Medium - <br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0614">SVD-2023-0614</a></td><td label="Published" class="advisory-td">2023-06-01</td><td label="Modified" class="advisory-td">2023-06-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0614">June Third Party Package Updates in Splunk Universal Forwarders</a></td><td label="Severity" class="advisory-td">Critical</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"> Universal Forwarders 8.1<br /> Universal Forwarders 8.2<br /> Universal Forwarders 9.0<br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.14<br /> 8.2.11<br /> 9.0.5<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.13 and Lower<br /> 8.2.0 to 8.2.10<br /> 9.0.0 to 9.0.4<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.14</span><br /> <span>8.2.11</span><br /> <span>9.0.5</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /> -<br /> -<br /></td><td class="advisory-td" label="Description">Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in versions 8.1.14, 8.2.11, and 9.0.5 of Splunk Universal Forwarder, including the following:</td><td class="advisory-td" label="Solution">For Splunk Universal Forwarder, upgrade versions to 8.1.14, 8.2.11, 9.0.5, or higher.</td><td class="advisory-td" label="Mitigations">N/A</td><td class="advisory-td" label="Severity Summary">For the CVEs listed above, Splunk adopted the national vulnerability database (NVD) CVSS rating to align with industry standards.</td><td class="advisory-td" label="OSS"> CVE-2022-40303 - libxml2 - Patched - High - <br /> CVE-2022-40304 - libxml2 - Patched - High - <br /> CVE-2023-0286 - OpenSSL 1.0.2 - Upgraded to 1.0.2zg - High - <br /> CVE-2023-0215 - OpenSSL 1.0.2 - Upgraded to 1.0.2zg - High - <br /> CVE-2022-4304 - OpenSSL 1.0.2 - Upgraded to 1.0.2zg - Medium - <br /> CVE-2023-27538 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2023-27537 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2023-27536 - curl - Upgraded to 8.0.1 - Critical - <br /> CVE-2023-27535 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2023-27534 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2023-27533 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2023-23916 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2023-23915 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2023-23914 - curl - Upgraded to 8.0.1 - Critical - <br /> CVE-2022-43552 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2022-43551 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2022-42916 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2022-42915 - curl - Upgraded to 8.0.1 - Critical - <br /> CVE-2022-35260 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2022-32221 - curl - Upgraded to 8.0.1 - Critical - <br /> CVE-2022-35252 - curl - Upgraded to 8.0.1 - Low - <br /> CVE-2022-32208 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2022-32207 - curl - Upgraded to 8.0.1 - Critical - <br /> CVE-2022-32206 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2022-32205 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2022-30115 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2022-27782 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2022-27781 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2022-27780 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2022-27779 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2022-27778 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2022-27776 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2022-27775 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2022-27774 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2022-22576 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2021-22947 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2021-22946 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2021-22945 - curl - Upgraded to 8.0.1 - Critical - <br /> CVE-2021-22926 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2021-22925 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2021-22924 - curl - Upgraded to 8.0.1 - Low - <br /> CVE-2021-22923 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2021-22922 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2021-22901 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2021-22898 - curl - Upgraded to 8.0.1 - Low - <br /> CVE-2021-22897 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2021-22890 - curl - Upgraded to 8.0.1 - Low - <br /> CVE-2021-22876 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2020-8286 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2020-8285 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2020-8284 - curl - Upgraded to 8.0.1 - Low - <br /> CVE-2020-8231 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2020-8177 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2020-8169 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2022-36227 - libarchive - Upgraded to 3.6.2 - Critical - <br /> CVE-2021-31566 - libarchive - Upgraded to 3.6.2 - High - <br /> CVE-2021-36976 - libarchive - Upgraded to 3.6.2 - Medium - <br /> CVE-2021-3520 - lz4 - Upgraded to 1.9.4 - Critical - <br /> CVE-2022-35737 - SQLite - Upgraded to 3.41.2 - High - <br /> CVE-2018-25032 - zlib - Applied patch - High - <br /> CVE-2022-37434 - zlib - Applied patch - Critical - <br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0613">SVD-2023-0613</a></td><td label="Published" class="advisory-td">2023-06-01</td><td label="Modified" class="advisory-td">2024-01-09</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0613">June Third Party Package Updates in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.14<br /> 8.2.11<br /> 9.0.5<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.13 and Lower<br /> 8.2.0 to 8.2.10<br /> 9.0.0 to 9.0.4<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.14</span><br /> <span>8.2.11</span><br /> <span>9.0.5</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /> -<br /> -<br /></td><td class="advisory-td" label="Description">Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in versions 8.1.14, 8.2.11, and 9.0.5 of Splunk Enterprise, including the following:</td><td class="advisory-td" label="Solution">For Splunk Enterprise, upgrade versions to 8.1.14, 8.2.11, 9.0.5, or higher.</td><td class="advisory-td" label="Mitigations">N/A</td><td class="advisory-td" label="Severity Summary">For the CVEs listed above, Splunk adopted the national vulnerability database (NVD) CVSS rating to align with industry standards.</td><td class="advisory-td" label="OSS"> CVE-2022-40303 - libxml2 - Patched - High - <br /> CVE-2022-40304 - libxml2 - Patched - High - <br /> CVE-2023-0286 - OpenSSL 1.0.2 - Upgraded to 1.0.2zg - High - <br /> CVE-2023-0215 - OpenSSL 1.0.2 - Upgraded to 1.0.2zg - High - <br /> CVE-2022-4304 - OpenSSL 1.0.2 - Upgraded to 1.0.2zg - Medium - <br /> CVE-2023-27538 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2023-27537 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2023-27536 - curl - Upgraded to 8.0.1 - Critical - <br /> CVE-2023-27535 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2023-27534 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2023-27533 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2023-23916 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2023-23915 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2023-23914 - curl - Upgraded to 8.0.1 - Critical - <br /> CVE-2022-43552 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2022-43551 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2022-42916 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2022-42915 - curl - Upgraded to 8.0.1 - Critical - <br /> CVE-2022-35260 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2022-32221 - curl - Upgraded to 8.0.1 - Critical - <br /> CVE-2022-35252 - curl - Upgraded to 8.0.1 - Low - <br /> CVE-2022-32208 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2022-32207 - curl - Upgraded to 8.0.1 - Critical - <br /> CVE-2022-32206 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2022-32205 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2022-30115 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2022-27782 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2022-27781 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2022-27780 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2022-27779 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2022-27778 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2022-27776 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2022-27775 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2022-27774 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2022-22576 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2021-22947 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2021-22946 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2021-22945 - curl - Upgraded to 8.0.1 - Critical - <br /> CVE-2021-22926 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2021-22925 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2021-22924 - curl - Upgraded to 8.0.1 - Low - <br /> CVE-2021-22923 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2021-22922 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2021-22901 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2021-22898 - curl - Upgraded to 8.0.1 - Low - <br /> CVE-2021-22897 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2021-22890 - curl - Upgraded to 8.0.1 - Low - <br /> CVE-2021-22876 - curl - Upgraded to 8.0.1 - Medium - <br /> CVE-2020-8286 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2020-8285 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2020-8284 - curl - Upgraded to 8.0.1 - Low - <br /> CVE-2020-8231 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2020-8177 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2020-8169 - curl - Upgraded to 8.0.1 - High - <br /> CVE-2022-36227 - libarchive - Upgraded to 3.6.2 - Critical - <br /> CVE-2021-31566 - libarchive - Upgraded to 3.6.2 - High - <br /> CVE-2021-36976 - libarchive - Upgraded to 3.6.2 - Medium - <br /> CVE-2021-3520 - lz4 - Upgraded to 1.9.4 - Critical - <br /> CVE-2022-35737 - SQLite - Upgraded to 3.41.2 - High - <br /> CVE-2018-25032 - zlib - Applied patch - High - <br /> CVE-2022-37434 - zlib - Applied patch - Critical - <br /> CVE-2020-15138 - prismjs - Upgraded to 1.2.9 - High - <br /> CVE-2022-37616 - xmldom - Upgraded to 0.7.9 - Critical - <br /> CVE-2021-29060 - color-string - Upgraded to 1.5.5 - Medium - <br /> CVE-2022-38900 - decode-uri-component - Upgraded to 0.2.1 - High - <br /> CVE-2020-28469 - glob-parent - Upgraded to 5.1.2 - High - <br /> CVE-2022-46175 - json5 - Upgraded to 1.0.2 - High - <br /> CVE-2022-46175 - json5 - Upgraded to 2.2.3 - High - <br /> CVE-2022-37599 - loader-utils - Upgraded to 2.0.4 - High - <br /> CVE-2022-37601 - loader-utils - Upgraded to 2.0.4 - Critical - <br /> CVE-2022-37603 - loader-utils - Upgraded to 2.0.4 - High - <br /> CVE-2022-3517 - minimatch - Upgraded to 3.0.5 - High - <br /> CVE-2022-31129 - moment - Upgraded to 2.29.4 - High - <br /> CVE-2021-23343 - path-parse - Upgraded to 1.0.7 - High - <br /> CVE-2021-23368 - postcss - Upgraded to 7.0.36 - Medium - <br /> CVE-2021-23382 - postcss - Upgraded to 7.0.36 - High - <br /> CVE-2022-43680 - python3 - Upgraded to 3.7.16 - High - <br /> CVE-2022-24999 - qs - Upgraded to 6.5.3 - High - <br /> CVE-2020-7753 - ssri - Uppgraded to 6.0.2 - High - <br /> CVE-2022-25858 - terser - Upgraded to 4.8.1 - High - <br /> CVE-2021-3803 - nth-check - Upgraded to 2.0.1 - High - <br /> CVE-2020-7753 - trim - Upgraded to 0.0.3 - High - <br /> CVE-2021-33587 - css-what - Upgraded to 5.0.1 - High - <br /> CVE-2020-8116 - dot-prop - Upgraded to 4.2.1 - High - <br /> CVE-2020-13822 - elliptic - Upgraded to 6.5.4 - High - <br /> CVE-2022-33987 - got - Upgraded to 12.5.3 - Medium - <br /> CVE-2022-4200 - jackson-databind - Upgraded to 2.13.5 - Medium - <br /> CVE-2022-42004 - jackson-databind - Upgraded to 2.13.5 - High - <br /> CVE-2023-1370 - json-smart - Upgraded to 2.4.9 - High - <br /> CVE-2019-20149 - kind-of - Upgraded to 6.0.3 - High - <br /> CVE-2022-37601 - loader-utils - Upgraded to 1.4.2 - Critical - <br /> CVE-2022-37601 - loader-utils - Upgraded to 2.0.4 - Critical - <br /> CVE-2020-8203 - lodash - Upgraded to 4.17.21 - High - <br /> CVE-2019-10744 - lodash-es - Upgraded to 4.17.21 - Critical - <br /> CVE-2022-40023 - mako - Patched* - High - <br /> CVE-2022-40023 - mako - Upgraded to 1.2.4** - High - <br /> CVE-2019-10746 - mixin-deep - Upgraded to 1.3.2 - Critical - <br /> CVE-2021-23382 - postcss - Upgraded to 7.0.37 - High - <br /> CVE-2021-33502 - normalize-url - Upgraded to 6.1.0 - High - <br /> CVE-2021-27292 - ua-parser-js - Upgraded to 0.7.35 - High - <br /> CVE-2021-33503 - urllib3 - Upgraded to 1.26.6 - High - <br /> CVE-2020-7662 - websocket-extensions - Upgraded to 0.1.4 - High - <br /> CVE-2020-7774 - y18n - Upgraded to 4.0.3 - Critical - <br /> CVE-2022-23806 - go, crypto/elliptic - Upgraded go to 1.2 - Critical - <br /> CVE-2022-23772 - go, math/big - Upgraded go to 1.2 - High - <br /> CVE-2021-43565 - go, x/crypto - Upgraded go to 1.2 - High - <br /> CVE-2022-30580 - go, os/exec - Upgraded go to 1.2 - High - <br /> CVE-2022-30633 - go, encoding/xml - Upgraded go to 1.2 - High - <br /> CVE-2022-28131 - go, encoding/xml - Upgraded go to 1.2 - High - <br /> CVE-2022-30632 - go, path/filepath - Upgraded go to 1.2 - High - <br /> CVE-2022-41716 - go - Upgraded go to 1.2 - High - <br /> CVE-2022-28327 - go, crypto/elliptic - Upgraded go to 1.2 - High - <br /> CVE-2022-24921 - go - Upgraded go to 1.2 - High - <br /> CVE-2022-30630 - go, io/fs - Upgraded go to 1.2 - High - <br /> CVE-2022-27191 - go, crypto/ssh - Upgraded go to 1.2 - High - <br /> CVE-2022-23773 - go, cmd/go - Upgraded go to 1.2 - High - <br /> CVE-2022-30634 - go, crypto/rand - Upgraded go to 1.2 - High - <br /> CVE-2022-41715 - go - Upgraded go to 1.2 - High - <br /> CVE-2022-24675 - go, encoding/pem - Upgraded go to 1.2 - High - <br /> CVE-2022-41720 - go - Upgraded go to 1.2 - High - <br /> CVE-2022-27664 - go, net/http - Upgraded go to 1.2 - High - <br /> CVE-2022-2880 - go, net/http - Upgraded go to 1.2 - High - <br /> CVE-2022-29804 - go, path/filepath - Upgraded go to 1.2 - High - <br /> CVE-2022-32189 - go, math/big - Upgraded go to 1.2 - High - <br /> CVE-2022-30635 - go, encoding/gob - Upgraded go to 1.2 - High - <br /> CVE-2022-30631 - go, compress/gzip - Upgraded go to 1.2 - High - <br /> CVE-2022-2879 - go - Upgraded go to 1.2 - High - <br /> CVE-2022-1705 - go, net/http - Upgraded go to 1.2 - Medium - <br /> CVE-2022-1962 - go, go/parse - Upgraded go to 1.2 - Medium - <br /> CVE-2022-29526 - go, sys - Upgraded go to 1.2 - Medium - <br /> CVE-2022-32148 - go, net/http - Upgraded go to 1.2 - Medium - <br /> CVE-2022-30629 - go, crypto/tls - Upgraded go to 1.2 - Low - <br /> CVE-2017-16042 - Growl - Upgraded to 1.10.5 - Critical - <br /> CVE-2021-20095 - Babel - Upgraded to 2.9.1 - Medium - <br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0612">SVD-2023-0612</a></td><td label="Published" class="advisory-td">2023-06-01</td><td label="Modified" class="advisory-td">2023-06-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0612">Role-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-32717">CVE-2023-32717</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N</td><td class="advisory-td" label="CVSS Score">4.3</td><td class="advisory-td" label="CWE">CWE-285</td><td class="advisory-td" label="Bug">SPL-237454</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform <br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.14<br /> 8.2.11<br /> 9.0.5<br /> 9.0.2303.100<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.0 to 8.1.13<br /> 8.2.0 to 8.2.10<br /> 9.0.0 to 9.0.4<br /> 9.0.2303 and below<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.14</span><br /> <span>8.2.11</span><br /> <span>9.0.5</span><br /> <span>9.0.2303.100</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">An unauthorized user can access the '/services/indexing/preview' REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job. This is because the endpoint does not honor role-based access controls (RBAC) with respect to SID ownership. The exploit requires that the user hold a role that has the 'edit_monitor' and 'edit_upload_and_index' capabilities assigned to it.</td><td class="advisory-td" label="Solution">For Splunk Enterprise, upgrade to versions 9.0.5, 8.2.11, or 8.1.14 and higher. For Splunk Cloud Platform, Splunk is monitoring and patching affected instances.</td><td class="advisory-td" label="Mitigations">Remove the 'edit_monitor' and 'edit_upload_and_index' capabilities from roles that low-privilege user accounts hold. Ensure that all REST endpoints have the proper access control lists (ACLs) applied to them.</td><td class="advisory-td" label="Severity Summary">Splunk rated this vulnerability as Medium, 4.3, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Scott Calvert, Splunk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0611">SVD-2023-0611</a></td><td label="Published" class="advisory-td">2023-06-01</td><td label="Modified" class="advisory-td">2023-06-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0611">Denial of Service via the 'dump' SPL command</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-32716">CVE-2023-32716</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</td><td class="advisory-td" label="CVSS Score">6.5</td><td class="advisory-td" label="CWE">CWE-754</td><td class="advisory-td" label="Bug">SPL-235572</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform <br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.14<br /> 8.2.11<br /> 9.0.5<br /> 9.0.2303.100<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.0 to 8.1.13<br /> 8.2.0 to 8.2.10<br /> 9.0.0 to 9.0.4<br /> 9.0.2303 and below<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.14</span><br /> <span>8.2.11</span><br /> <span>9.0.5</span><br /> <span>9.0.2303.100</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">An attacker can exploit a vulnerability in the 'dump' SPL command to cause a denial of service by crashing the Splunk daemon. If the attacker supplies a longer-than-expected filename with the command, a memory access violation, or segmentation fault, occurs, which results in a crash of the Splunk platform instance.</td><td class="advisory-td" label="Solution">For Splunk Enterprise, upgrade to versions 9.0.5, 8.2.11, 8.1.14, and higher. For Splunk Cloud Platform, Splunk is actively monitoring and patching affected instances.</td><td class="advisory-td" label="Mitigations">Remove the 'run_dump' capability from any roles that users hold.</td><td class="advisory-td" label="Severity Summary">Splunk rated this vulnerability as Medium, 6.5, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Danylo Dmytriiev (DDV_UA)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0610">SVD-2023-0610</a></td><td label="Published" class="advisory-td">2023-06-01</td><td label="Modified" class="advisory-td">2023-06-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0610">Self Cross-Site Scripting (XSS) on Splunk App for Lookup File Editing</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-32715">CVE-2023-32715</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N</td><td class="advisory-td" label="CVSS Score">4.7</td><td class="advisory-td" label="CWE">CWE-79</td><td class="advisory-td" label="Bug">LOOKUP-176</td><td class="advisory-td" label="Affected Product"> Splunk App for Lookup File Editing 4.0<br /></td><td class="advisory-td" label="Fixed Versions"> 4.0.1<br /></td><td class="advisory-td" label="Affected Versions"> 4.0 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>4.0.1</span><br /></td><td class="advisory-td" label="Affected Components"> <br /></td><td class="advisory-td" label="Description">A user can insert potentially malicious JavaScript code into the Splunk App for Lookup File Editing, which causes the code to run on the user’s machine.</td><td class="advisory-td" label="Solution">Upgrade the Splunk App for Lookup Editing to version 4.0.1 or higher.</td><td class="advisory-td" label="Mitigations">Disable the Splunk App for Lookup File Editing if you do not require it and cannot upgrade it. If users do not log in to Splunk Web on indexers in a distributed environment, disable Splunk Web on those indexers. See [Disable unnecessary Splunk Enterprise components](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) and the [web.conf configuration specification file](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf) in the Splunk documentation for more information on disabling Splunk Web.</td><td class="advisory-td" label="Severity Summary">Splunk rated this vulnerability as Medium, 4.7, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0609">SVD-2023-0609</a></td><td label="Published" class="advisory-td">2023-06-01</td><td label="Modified" class="advisory-td">2023-06-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0609">Information Disclosure via the ‘copyresults’ SPL Command</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-32710">CVE-2023-32710</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N</td><td class="advisory-td" label="CVSS Score">4.8</td><td class="advisory-td" label="CWE">CWE-200</td><td class="advisory-td" label="Bug">SPL-234996</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform <br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.14<br /> 8.2.11<br /> 9.0.5<br /> 9.0.2303.100<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.0 to 8.1.13<br /> 8.2.0 to 8.2.10<br /> 9.0.0 to 9.0.4<br /> 9.0.2303 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.14</span><br /> <span>8.2.11</span><br /> <span>9.0.5</span><br /> <span>9.0.2303.100</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">A low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run.</td><td class="advisory-td" label="Solution">For Splunk Enterprise, upgrade versions to 8.1.14, 8.2.11, 9.0.5, or higher. For Splunk Cloud Platform, Splunk is actively patching and monitoring the Splunk Cloud instances.</td><td class="advisory-td" label="Mitigations">N/A</td><td class="advisory-td" label="Severity Summary">Splunk rated the vulnerability as Medium, 4.8, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Anton (therceman)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0608">SVD-2023-0608</a></td><td label="Published" class="advisory-td">2023-06-01</td><td label="Modified" class="advisory-td">2023-06-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0608">Path Traversal in Splunk App for Lookup File Editing</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-32714">CVE-2023-32714</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N</td><td class="advisory-td" label="CVSS Score">8.1</td><td class="advisory-td" label="CWE">CWE-35</td><td class="advisory-td" label="Bug">LOOKUP-177</td><td class="advisory-td" label="Affected Product"> Splunk App for Lookup File Editing 4.0<br /></td><td class="advisory-td" label="Fixed Versions"> 4.0.1<br /></td><td class="advisory-td" label="Affected Versions"> 4.0 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>4.0.1</span><br /></td><td class="advisory-td" label="Affected Components"> <br /></td><td class="advisory-td" label="Description">A low-privileged user with access to the Splunk App for Lookup File Editing can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and write to restricted areas of the Splunk installation directory.</td><td class="advisory-td" label="Solution">Upgrade the Splunk App for Lookup Editing to version 4.0.1 or higher.</td><td class="advisory-td" label="Mitigations">N/A</td><td class="advisory-td" label="Severity Summary">Splunk rated the vulnerability as High, 8.1, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Torjus Bryne Retterstøl, Binary Security<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0607">SVD-2023-0607</a></td><td label="Published" class="advisory-td">2023-06-01</td><td label="Modified" class="advisory-td">2023-06-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0607">Local Privilege Escalation via the ‘streamfwd’ program in Splunk App for Stream</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-32713">CVE-2023-32713</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">7.8</td><td class="advisory-td" label="CWE">CWE-269</td><td class="advisory-td" label="Bug">STREAM-5290</td><td class="advisory-td" label="Affected Product"> Splunk App for Stream 8.1<br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.1<br /></td><td class="advisory-td" label="Affected Versions"> 8.1 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.1</span><br /></td><td class="advisory-td" label="Affected Components"> streamfwd<br /></td><td class="advisory-td" label="Description">A low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root user.</td><td class="advisory-td" label="Solution">Upgrade the Splunk App for Stream to version 8.1.1 or higher.</td><td class="advisory-td" label="Mitigations">* Install the Splunk App for Stream as a high-privileged user, for example, one that has been added to the /etc/sudoers file on the machine that runs the instance (on machines that run *nix). * Limit user access to the ‘streamfwd’ process by removing all but privileged users' ability to run the process. * Disable the Splunk App for Stream if you do not require it and cannot upgrade it.</td><td class="advisory-td" label="Severity Summary">Splunk rated the vulnerability as High, 7.8 with a CVSSv3.1 vector of CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H If the instance does not run the Splunk App for Stream, then there is no impact and the severity is Informational.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Ben Leonard-Lagarde & Lucas Fedyniak-Hopes (Modux)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0606">SVD-2023-0606</a></td><td label="Published" class="advisory-td">2023-06-01</td><td label="Modified" class="advisory-td">2023-10-18</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0606">Unauthenticated Log Injection in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-32712">CVE-2023-32712</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">8.6</td><td class="advisory-td" label="CWE">CWE-117</td><td class="advisory-td" label="Bug">SPL-235259</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Enterprise 9.1<br /> Universal Forwarder 8.2<br /> Universal Forwarder 9.0<br /> Universal Forwarder 9.1<br /></td><td class="advisory-td" label="Fixed Versions"> 8.2.11.2<br /> 9.0.5.1<br /> 9.1.0.2<br /> 8.2.12<br /> 9.0.6<br /> 9.1.1<br /></td><td class="advisory-td" label="Affected Versions"> 8.2.0 to 8.2.11.1<br /> 9.0.0 to 9.0.5<br /> 9.1.0 to 9.1.0.1<br /> 8.2.11 and below<br /> 9.0.0 to 9.0.5<br /> 9.1.0 to 9.1.0.1<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.2.11.2</span><br /> <span>9.0.5.1</span><br /> <span>9.1.0.2</span><br /> <span>8.2.12</span><br /> <span>9.0.6</span><br /> <span>9.1.1</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /> -<br /> -<br /> REST API<br /> REST API<br /> REST API<br /></td><td class="advisory-td" label="Description">In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards Institute (ANSI) escape codes into Splunk log files that, when a vulnerable terminal application reads them, can potentially, at worst, result in possible code execution in the vulnerable application. This attack requires a user to use a terminal application that supports the translation of ANSI escape codes to read the malicious log file locally in the vulnerable terminal, and to perform additional user interaction to exploit. Universal Forwarder versions 9.1.0.1, 9.0.5, 8.2.11, and lower can be vulnerable in the following situations: * The forwarders have been configured to have management services active * The active management services are exposed and accessible from the network By default, all Universal Forwarder 9.0 and 9.1 versions bind management services to the local machine (localhost) and are not vulnerable in this specific configuration. See [SVD-2022-0605](https://advisory.splunk.com/advisories/SVD-2022-0605) for more information. Universal Forwarder versions 9.1 and higher use Unix Domain Sockets (UDS) for communication, further reducing the potential attack surface. The vulnerability does not directly affect Splunk Enterprise or Splunk Universal Forwarder. The indirect impact on the Splunk Enterprise instance and Universal Forwards can vary significantly depending on the permissions in the vulnerable terminal application and where and how the user reads the malicious log file. For example, users can copy the malicious file from the Splunk Enterprise instance and read it on their local machine.</td><td class="advisory-td" label="Solution"> For Splunk Enterprise, upgrade to version 8.2.11.2, 9.0.5.1, or 9.1.0.2. For Splunk Universal Forwarder, upgrade to version 8.2.12, 9.0.6, or 9.1.1. This vulnerability does not affect Splunk Cloud Platform instances directly. Where possible, Splunk Cloud Platform customers with on-premises Splunk infrastructure, including universal and heavy forwarders, deployment servers, and license servers, must upgrade that infrastructure to reduce their attack surface. Upgrading or mitigating the issue prevents future log injections. However, logs that were created before performing the upgrades or mitigations can still pose a risk. Where applicable, remove Splunk Enterprise log files in the $SPLUNK_HOME/var/log/splunk/ directory.</td><td class="advisory-td" label="Mitigations">As a partial mitigation, users can protect themselves from log injections via ANSI escape characters in general, by disabling the ability to process ANSI escape codes in terminal applications or using a terminal application that supports the filtering of ANSI codes. For Universal Forwarder versions 8.2.x, configure management services to only accept inbound connections from the local machine (localhost). For Universal Forwarder versions 9.0.x and 9.1.x, confirm that management services only accept inbound connections from localhost. To deactivate remote management services on Universal Forwarder: * In the [server.conf](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Serverconf) configuration file on UF, under the [httpServer] stanza, give the `disableDefaultPort` setting a value of `true`, or, under the [general] stanza, give the `allowRemoteLogin` setting a value of `never`. See [Configure universal forwarder management security](https://docs.splunk.com/Documentation/Splunk/latest/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) in Securing Splunk Enterprise for more information on deactivating remote management services. For improved overall security on UF versions 9.1.x and higher, where applicable, consider configuring the UF to use UDS for communication. In the [server.conf](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Serverconf) configuration file, under the [httpServer] stanza, give the `mgmtMode` setting a value of `UDS` (or `default`).</td><td class="advisory-td" label="Severity Summary">Splunk rates the vulnerability as High, 8.6, with a CVSS Vector of CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H. **Attack Vector:** The attack initially occurs at the network layer through an HTTP web request from the attacker to the vulnerable Splunk Enterprise instance. However, this initial attack vector does not align with the CVSS metrics for "Attack Vector." In most vulnerabilities that Splunk rates, the vector would align with those metrics, but the CVSS specification provides two qualifications for the "Local" metric. Specifically, the second qualification states the following: _the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)._" The attack mirrors this example, requiring the user to open a malicious document, for example, the injected log file. Because of this, Splunk rated the Attack Vector as "Local" per the CVSS v3.1 Specification Document. **Attack Complexity:** The vulnerability requires no additional preparation from the attacker, and there are no extenuating circumstances for exploiting the vulnerability. **Privileges Required:** The vulnerability does not require attacker privileges and occurs through an unauthenticated request to the Splunk Enterprise instance. **User Interaction:** The vulnerability requires users to open or read the malicious document, file, or log for successful execution. **Scope:** The vulnerability does not affect Splunk Enterprise directly, only indirectly through the authorized permissions in the user’s terminal. The vulnerability directly affects the user’s terminal, which falls outside of Splunk’s security authority. As such, the vulnerability qualifies for a Change in Scope. **Confidentiality/Integrity/Availability:** The vulnerability allows for the potential for remote code execution within the context of a user’s terminal. Because of this, out of an abundance of caution, Splunk rated the impact on the user’s terminal as High for all three vectors. The indirect impact on Splunk Enterprise might vary significantly depending on how the user configured permissions in their terminal application.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> STÖK / Fredrik Alexandersson<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0605">SVD-2023-0605</a></td><td label="Published" class="advisory-td">2023-06-01</td><td label="Modified" class="advisory-td">2023-06-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0605">Persistent Cross-Site Scripting (XSS) through a URL Validation Bypass within a Dashboard View</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-32711">CVE-2023-32711</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N</td><td class="advisory-td" label="CVSS Score">5.4</td><td class="advisory-td" label="CWE">CWE-79</td><td class="advisory-td" label="Bug">SPL-234890</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.14<br /> 8.2.11<br /> 9.0.5<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.0 to 8.1.13<br /> 8.2.0 to 8.2.10<br /> 9.0.0 to 9.0.4<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.14</span><br /> <span>8.2.11</span><br /> <span>9.0.5</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">A Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a stored cross-site scripting (XSS) payload.</td><td class="advisory-td" label="Solution">For Splunk Enterprise, upgrade versions to 8.1.14, 8.2.11, 9.0.5, or higher. This vulnerability does not affect Splunk Cloud Platform instances.</td><td class="advisory-td" label="Mitigations">If users do not log in to Splunk Web on indexers in a distributed environment, disable Splunk Web on those indexers. See [Disable unnecessary Splunk Enterprise components](https://docs.splunk.com/Documentation/Splunk/latest/Security/DisableunnecessarySplunkcomponents) and the [web.conf configuration specification file](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf) in the Splunk documentation for more information on disabling Splunk Web.</td><td class="advisory-td" label="Severity Summary">Splunk rated the vulnerability as Medium, 5.4, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Danylo Dmytriiev (DDV_UA)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0604">SVD-2023-0604</a></td><td label="Published" class="advisory-td">2023-06-01</td><td label="Modified" class="advisory-td">2023-06-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0604">Low-privileged User can View Hashed Default Splunk Password</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-32709">CVE-2023-32709</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N</td><td class="advisory-td" label="CVSS Score">4.3</td><td class="advisory-td" label="CWE">CWE-285</td><td class="advisory-td" label="Bug">SPL-235016</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform <br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.14<br /> 8.2.11<br /> 9.0.5<br /> 9.0.2303.100<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.0 to 8.1.13<br /> 8.2.0 to 8.2.10<br /> 9.0.0 to 9.0.4<br /> 9.0.2303 and below<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.14</span><br /> <span>8.2.11</span><br /> <span>9.0.5</span><br /> <span>9.0.2303.100</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">A low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint.</td><td class="advisory-td" label="Solution">For Splunk Enterprise, upgrade versions to 8.1.14, 8.2.11, 9.0.5, or higher. For Splunk Cloud Platform, Splunk is actively patching and monitoring the Splunk Cloud instances.</td><td class="advisory-td" label="Mitigations">N/A</td><td class="advisory-td" label="Severity Summary">Splunk rated the vulnerability as Medium, 4.3, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N If the initial admin password has been changed, then there is no impact and the severity is Informational.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Anton (therceman)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0603">SVD-2023-0603</a></td><td label="Published" class="advisory-td">2023-06-01</td><td label="Modified" class="advisory-td">2023-06-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0603">HTTP Response Splitting via the ‘rest’ SPL Command</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-32708">CVE-2023-32708</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">7.2</td><td class="advisory-td" label="CWE">CWE-113</td><td class="advisory-td" label="Bug">SPL-235203</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform <br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.14<br /> 8.2.11<br /> 9.0.5<br /> 9.0.2303.100<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.0 to 8.1.13<br /> 8.2.0 to 8.2.10<br /> 9.0.0 to 9.0.4<br /> 9.0.2303 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.14</span><br /> <span>8.2.11</span><br /> <span>9.0.5</span><br /> <span>9.0.2303.100</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">A low-privileged user can trigger an HTTP response splitting vulnerability with the ‘rest’ SPL command that lets them potentially access other REST endpoints in the system arbitrarily, including viewing restricted content.</td><td class="advisory-td" label="Solution">For Splunk Enterprise, upgrade versions to 9.0.5, 8.2.11, 8.1.14, or higher. For Splunk Cloud Platform, Splunk is monitoring and patching affected instances.</td><td class="advisory-td" label="Mitigations">For Splunk Enterprise, limit the number of searches a process can run by editing the limits.conf configuration file and giving the 'max_searches_per_process' setting a value of either 1 or 0. For Splunk Cloud Platform, file a support ticket to adjust this configuration setting.</td><td class="advisory-td" label="Severity Summary">Splunk rated the vulnerability as High, 7.2, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Danylo Dmytriiev (DDV_UA)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0602">SVD-2023-0602</a></td><td label="Published" class="advisory-td">2023-06-01</td><td label="Modified" class="advisory-td">2023-06-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0602">‘edit_user’ Capability Privilege Escalation</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-32707">CVE-2023-32707</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">8.8</td><td class="advisory-td" label="CWE">CWE-285</td><td class="advisory-td" label="Bug">SPL-232088</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform <br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.14<br /> 8.2.11<br /> 9.0.5<br /> 9.0.2303.100<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.0 to 8.1.13<br /> 8.2.0 to 8.2.10<br /> 9.0.0 to 9.0.4<br /> 9.0.2303 and below<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.14</span><br /> <span>8.2.11</span><br /> <span>9.0.5</span><br /> <span>9.0.2303.100</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">A low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing a specially crafted web request. This is because the ‘edit_user’ capability does not honor the ‘grantableRoles’ setting in the authorize.conf configuration file, which prevents this scenario from happening.</td><td class="advisory-td" label="Solution">For Splunk Enterprise, upgrade versions to 9.0.5, 8.2.11, 8.1.14, or higher. For Splunk Cloud Platform, Splunk is actively patching and monitoring the Splunk Cloud instances.</td><td class="advisory-td" label="Mitigations">Confirm that no role, other than the admin role or its equivalent, has the ‘edit_user’ capability assigned to it. Confirm that you neither assign the ‘edit_user’ capability to a role from which other roles inherit, nor that you assign a role with the capability to a user with low or no privileges.</td><td class="advisory-td" label="Severity Summary">Splunk rated the vulnerability as High, 8.8, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Mr Hack (try_to_hack) Santiago Lopez<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0601">SVD-2023-0601</a></td><td label="Published" class="advisory-td">2023-06-01</td><td label="Modified" class="advisory-td">2023-06-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0601">Denial Of Service due to Untrusted XML Tag in XML Parser within SAML Authentication</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-32706">CVE-2023-32706</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H</td><td class="advisory-td" label="CVSS Score">7.7</td><td class="advisory-td" label="CWE">CWE-611</td><td class="advisory-td" label="Bug">SPL-224292</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform 9.0.2303 and below<br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.14<br /> 8.2.11<br /> 9.0.5<br /> 9.0.2303.100<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.0 to 8.1.13<br /> 8.2.0 to 8.2.10<br /> 9.0.0 to 9.0.4<br /> <br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.14</span><br /> <span>8.2.11</span><br /> <span>9.0.5</span><br /> <span>9.0.2303.100</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description">An unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon. This happens when an incorrectly configured XML parser receives XML input that contains a reference to an entity expansion. Many recursive references to entity expansions can cause the XML parser to use all available memory on the machine, causing the Splunk daemon to crash or be terminated by the operating system.</td><td class="advisory-td" label="Solution">For Splunk Enterprise, upgrade versions to 8.1.14, 8.2.11, 9.0.5, or higher. For Splunk Cloud Platform, Splunk is actively patching and monitoring the Splunk Cloud instances.</td><td class="advisory-td" label="Mitigations">Disable single sign-on using SAML as an authentication scheme (SAML SSO). For more information on this type of configuration, see [Configure single sign-on with SAML](https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/HowSAMLSSOworks) in the Splunk documentation.</td><td class="advisory-td" label="Severity Summary">Splunk rated the vulnerability as High, 7.7 with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H. If the Splunk Enterprise instance does not use SAML SSO for authentication, there is no impact and the severity is Informational.</td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Vikram Ashtaputre, Splunk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0215">SVD-2023-0215</a></td><td label="Published" class="advisory-td">2023-02-14</td><td label="Modified" class="advisory-td">2023-02-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0215">February Third Party Package Updates in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform -<br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.13<br /> 8.2.10<br /> 9.0.4<br /> 9.0.2209.3<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.12 and lower<br /> 8.2.0 to 8.2.9<br /> 9.0.0 to 9.0.3<br /> 9.0.2209 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.13</span><br /> <span>8.2.10</span><br /> <span>9.0.4</span><br /> <span>9.0.2209.3</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /> -<br /> -<br /> -<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"> CVE-2021-21419 - Python 2.7, eventlet - Upgraded to 2.7.18.4 - Informational - <br /> CVE-2021-28957 - Python 2.7, lxml - Upgraded to 2.7.18.4 - Medium - <br /> CVE-2022-24785 - Moment.js - Upgraded to 2.29.4 - High - <br /> CVE-2022-31129 - Moment.js - Upgraded to 2.29.4 - High - <br /> CVE-2022-32212 - Node.js - Applied patch - High - <br /> CVE-2015-20107 - Python 3.7 - Applied patch - Informational - <br /> CVE-2021-3517 - Libxml2 - Applied patch - High - <br /> CVE-2021-3537 - Libxml2 - Applied patch - Medium - <br /> CVE-2021-3518 - Libxml2 - Applied patch - High - <br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0214">SVD-2023-0214</a></td><td label="Published" class="advisory-td">2023-02-14</td><td label="Modified" class="advisory-td">2023-02-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0214">Splunk Response to the Apache Software Foundation Publishing a Vulnerability on Apache Commons Text (CVE-2022-42889) (Text4Shell)</a></td><td label="Severity" class="advisory-td">Informational</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"> CVE-2022-42889 - - - - <br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0213">SVD-2023-0213</a></td><td label="Published" class="advisory-td">2023-02-14</td><td label="Modified" class="advisory-td">2023-02-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0213">Modular Input REST API Requests Connect via HTTP after Certificate Validation Failure in Splunk Add-on Builder and Splunk CloudConnect SDK</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-22943">CVE-2023-22943</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N</td><td class="advisory-td" label="CVSS Score">4.8</td><td class="advisory-td" label="CWE">CWE-636</td><td class="advisory-td" label="Bug">ADDON-58725</td><td class="advisory-td" label="Affected Product"> Splunk Add-on Builder 4.1<br /> Splunk CloudConnect SDK 3.1<br /></td><td class="advisory-td" label="Fixed Versions"> 4.1.2<br /> 3.1.3<br /></td><td class="advisory-td" label="Affected Versions"> 4.1.1 and lower<br /> 3.1.2 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>4.1.2</span><br /> <span>3.1.3</span><br /></td><td class="advisory-td" label="Affected Components"> cloudconnectlib<br /> -<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Chris Green<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0212">SVD-2023-0212</a></td><td label="Published" class="advisory-td">2023-02-14</td><td label="Modified" class="advisory-td">2023-02-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0212">Cross-Site Request Forgery in the ‘ssg/kvstore_client’ REST Endpoint in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-22942">CVE-2023-22942</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L</td><td class="advisory-td" label="CVSS Score">5.4</td><td class="advisory-td" label="CWE">CWE-352</td><td class="advisory-td" label="Bug">SPL-232619</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.13<br /> 8.2.10<br /> 9.0.4<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.12 and lower<br /> 8.2.0 to 8.2.9<br /> 9.0.0 to 9.0.3<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.13</span><br /> <span>8.2.10</span><br /> <span>9.0.4</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Anton (therceman)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0211">SVD-2023-0211</a></td><td label="Published" class="advisory-td">2023-02-14</td><td label="Modified" class="advisory-td">2023-02-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0211">Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-22941">CVE-2023-22941</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</td><td class="advisory-td" label="CVSS Score">6.5</td><td class="advisory-td" label="CWE">CWE-248</td><td class="advisory-td" label="Bug">SPL-232645</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform -<br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.13<br /> 8.2.10<br /> 9.0.4<br /> 9.0.2212<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.12 and lower<br /> 8.2.0 to 8.2.9<br /> 9.0.0 to 9.0.3<br /> 9.0.2209 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.13</span><br /> <span>8.2.10</span><br /> <span>9.0.4</span><br /> <span>9.0.2212</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> James Ervin, Splunk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0210">SVD-2023-0210</a></td><td label="Published" class="advisory-td">2023-02-14</td><td label="Modified" class="advisory-td">2023-02-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0210">SPL Command Safeguards Bypass via the ‘collect’ SPL Command Aliases in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-22940">CVE-2023-22940</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N</td><td class="advisory-td" label="CVSS Score">6.3</td><td class="advisory-td" label="CWE">CWE-20</td><td class="advisory-td" label="Bug">SPL-232369</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform -<br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.13<br /> 8.2.10<br /> 9.0.4<br /> 9.0.2212<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.12 and lower<br /> 8.2.0 to 8.2.9<br /> 9.0.0 to 9.0.3<br /> 9.0.2209 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.13</span><br /> <span>8.2.10</span><br /> <span>9.0.4</span><br /> <span>9.0.2212</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> James Ervin, Splunk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0209">SVD-2023-0209</a></td><td label="Published" class="advisory-td">2023-02-14</td><td label="Modified" class="advisory-td">2023-02-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0209">SPL Command Safeguards Bypass via the ‘map’ SPL Command in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-22939">CVE-2023-22939</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N</td><td class="advisory-td" label="CVSS Score">8.1</td><td class="advisory-td" label="CWE">CWE-20</td><td class="advisory-td" label="Bug">SPL-230588</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform -<br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.13<br /> 8.2.10<br /> 9.0.4<br /> 9.0.2209.3<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.12 and lower<br /> 8.2.0 to 8.2.9<br /> 9.0.0 to 9.0.3<br /> 9.0.2209 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.13</span><br /> <span>8.2.10</span><br /> <span>9.0.4</span><br /> <span>9.0.2209.3</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Klevis Luli, Splunk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0208">SVD-2023-0208</a></td><td label="Published" class="advisory-td">2023-02-14</td><td label="Modified" class="advisory-td">2023-02-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0208">Permissions Validation Failure in the ‘sendemail’ REST API Endpoint in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-22938">CVE-2023-22938</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N</td><td class="advisory-td" label="CVSS Score">4.3</td><td class="advisory-td" label="CWE">CWE-285</td><td class="advisory-td" label="Bug">SPL-229337</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform -<br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.13<br /> 8.2.10<br /> 9.0.4<br /> 9.0.2212<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.12 and lower<br /> 8.2.0 to 8.2.9<br /> 9.0.0 to 9.0.3<br /> 9.0.2209 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.13</span><br /> <span>8.2.10</span><br /> <span>9.0.4</span><br /> <span>9.0.2212</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> James Ervin, Splunk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0207">SVD-2023-0207</a></td><td label="Published" class="advisory-td">2023-02-14</td><td label="Modified" class="advisory-td">2023-02-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0207">Unnecessary File Extensions Allowed by Lookup Table Uploads in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-22937">CVE-2023-22937</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N</td><td class="advisory-td" label="CVSS Score">4.3</td><td class="advisory-td" label="CWE">CWE-20</td><td class="advisory-td" label="Bug">SPL-229185</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform -<br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.13<br /> 8.2.10<br /> 9.0.4<br /> 9.0.2209.3<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.12 and lower<br /> 8.2.0 to 8.2.9<br /> 9.0.0 to 9.0.3<br /> 9.0.2209 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.13</span><br /> <span>8.2.10</span><br /> <span>9.0.4</span><br /> <span>9.0.2209.3</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0206">SVD-2023-0206</a></td><td label="Published" class="advisory-td">2023-02-14</td><td label="Modified" class="advisory-td">2023-02-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0206">Authenticated Blind Server Side Request Forgery via the ‘search_listener’ Search Parameter in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-22936">CVE-2023-22936</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L</td><td class="advisory-td" label="CVSS Score">6.3</td><td class="advisory-td" label="CWE">CWE-918</td><td class="advisory-td" label="Bug">SPL-228937</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform -<br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.13<br /> 8.2.10<br /> 9.0.4<br /> 9.0.2209.3<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.12 and lower<br /> 8.2.0 to 8.2.9<br /> 9.0.0 to 9.0.3<br /> 9.0.2209 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.13</span><br /> <span>8.2.10</span><br /> <span>9.0.4</span><br /> <span>9.0.2209.3</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Danylo Dmytriiev (DDV_UA)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0205">SVD-2023-0205</a></td><td label="Published" class="advisory-td">2023-02-14</td><td label="Modified" class="advisory-td">2023-02-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0205">SPL Command Safeguards Bypass via the ‘display.page.search.patterns.sensitivity’ Search Parameter in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-22935">CVE-2023-22935</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N</td><td class="advisory-td" label="CVSS Score">8.1</td><td class="advisory-td" label="CWE">CWE-20</td><td class="advisory-td" label="Bug">SPL-228738</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform -<br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.13<br /> 8.2.10<br /> 9.0.4<br /> 9.0.2209.3<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.12 and lower<br /> 8.2.0 to 8.2.9<br /> 9.0.0 to 9.0.3<br /> 9.0.2209 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.13</span><br /> <span>8.2.10</span><br /> <span>9.0.4</span><br /> <span>9.0.2209.3</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Anton (therceman)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0204">SVD-2023-0204</a></td><td label="Published" class="advisory-td">2023-02-14</td><td label="Modified" class="advisory-td">2023-02-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0204">SPL Command Safeguards Bypass via the ‘pivot’ SPL Command in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-22934">CVE-2023-22934</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N</td><td class="advisory-td" label="CVSS Score">7.3</td><td class="advisory-td" label="CWE">CWE-20</td><td class="advisory-td" label="Bug">SPL-228734</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform -<br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.13<br /> 8.2.10<br /> 9.0.4<br /> 9.0.2209.3<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.12 and lower<br /> 8.2.0 to 8.2.9<br /> 9.0.0 to 9.0.3<br /> 9.0.2209 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.13</span><br /> <span>8.2.10</span><br /> <span>9.0.4</span><br /> <span>9.0.2209.3</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Anton (therceman)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0203">SVD-2023-0203</a></td><td label="Published" class="advisory-td">2023-02-14</td><td label="Modified" class="advisory-td">2023-02-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0203">Persistent Cross-Site Scripting through the ‘module’ Tag in a View in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-22933">CVE-2023-22933</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">8.0</td><td class="advisory-td" label="CWE">CWE-79</td><td class="advisory-td" label="Bug">SPL-228264</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform -<br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.13<br /> 8.2.10<br /> 9.0.4<br /> 9.0.2209<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.12 and lower<br /> 8.2.0 to 8.2.9<br /> 9.0. to 9.0.3<br /> 9.0.2208 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.13</span><br /> <span>8.2.10</span><br /> <span>9.0.4</span><br /> <span>9.0.2209</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Danylo Dmytriiev (DDV_UA)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0202">SVD-2023-0202</a></td><td label="Published" class="advisory-td">2023-02-14</td><td label="Modified" class="advisory-td">2023-02-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0202">Persistent Cross-Site Scripting through a Base64-encoded Image in a View in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-22932">CVE-2023-22932</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N</td><td class="advisory-td" label="CVSS Score">8.0</td><td class="advisory-td" label="CWE">CWE-79</td><td class="advisory-td" label="Bug">SPL-232819</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform <br /></td><td class="advisory-td" label="Fixed Versions"> -<br /> -<br /> 9.0.4<br /> 9.0.2209.3<br /></td><td class="advisory-td" label="Affected Versions"> Not affected<br /> Not affected<br /> 9.0.0 to 9.0.3<br /> 9.0.2209 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>-</span><br /> <span>-</span><br /> <span>9.0.4</span><br /> <span>9.0.2209.3</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /> -<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Tim Coen (foobar7)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0201">SVD-2023-0201</a></td><td label="Published" class="advisory-td">2023-02-14</td><td label="Modified" class="advisory-td">2023-02-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2023-0201">‘createrss’ External Search Command Overwrites Existing RSS Feeds in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2023-22931">CVE-2023-22931</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N</td><td class="advisory-td" label="CVSS Score">4.3</td><td class="advisory-td" label="CWE">CWE-285</td><td class="advisory-td" label="Bug">SPL-216628</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform -<br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.13<br /> 8.2.10<br /> -<br /> 8.2.2203<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.12 and lower<br /> 8.2.0 to 8.2.9<br /> Not affected<br /> 8.2.2202 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.13</span><br /> <span>8.2.10</span><br /> <span>-</span><br /> <span>8.2.2203</span><br /></td><td class="advisory-td" label="Affected Components"> Search<br /> Search<br /> -<br /> Search<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> James Ervin, Splunk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-1113">SVD-2022-1113</a></td><td label="Published" class="advisory-td">2022-11-02</td><td label="Modified" class="advisory-td">2023-02-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-1113">November Third Party Package updates in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector"></td><td class="advisory-td" label="CVSS Score"></td><td class="advisory-td" label="CWE"></td><td class="advisory-td" label="Bug"></td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform -<br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.12<br /> 8.2.9<br /> 9.0.2<br /> 9.0.2209<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.11 and lower<br /> 8.2.0 to 8.2.8<br /> 9.0.0 to 9.0.1<br /> 9.0.2208 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.12</span><br /> <span>8.2.9</span><br /> <span>9.0.2</span><br /> <span>9.0.2209</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /> -<br /> -<br /> -<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"> CVE-2020-36518 - jackson-databind - Upgraded to 2.13.2.1 - High - <br /> CVE-2021-32036 - mongodb - Updgraded to 4.2.19 or 4.2.17-v4 - Medium - <br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-1112">SVD-2022-1112</a></td><td label="Published" class="advisory-td">2022-11-02</td><td label="Modified" class="advisory-td">2022-11-02</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-1112">Indexing blockage via malformed data sent through S2S or HEC protocols in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2022-43572">CVE-2022-43572</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H</td><td class="advisory-td" label="CVSS Score">7.5, High</td><td class="advisory-td" label="CWE">CWE-400</td><td class="advisory-td" label="Bug">SPL-224974</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform <br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.12<br /> 8.2.9<br /> 9.0.2<br /> 9.0.2209.3<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.11 and lower<br /> 8.2.0 to 8.2.8<br /> 9.0.0 to 9.0.1<br /> 9.0.2209 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.12</span><br /> <span>8.2.9</span><br /> <span>9.0.2</span><br /> <span>9.0.2209.3</span><br /></td><td class="advisory-td" label="Affected Components"> Indexing<br /> Indexing<br /> Indexing<br /> Indexing<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-1111">SVD-2022-1111</a></td><td label="Published" class="advisory-td">2022-11-02</td><td label="Modified" class="advisory-td">2022-11-02</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-1111">Remote Code Execution through dashboard PDF generation component in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2022-43571">CVE-2022-43571</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">8.8, High</td><td class="advisory-td" label="CWE">CWE-94</td><td class="advisory-td" label="Bug">SPL-228720</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform <br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.12<br /> 8.2.9<br /> 9.0.2<br /> 9.0.2209<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.11 and lower<br /> 8.2.0 to 8.2.8<br /> 9.0.0 to 9.0.1<br /> 9.0.2208 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.12</span><br /> <span>8.2.9</span><br /> <span>9.0.2</span><br /> <span>9.0.2209</span><br /></td><td class="advisory-td" label="Affected Components"> <br /> <br /> <br /> <br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Danylo Dmytriiev (DDV_UA)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-1110">SVD-2022-1110</a></td><td label="Published" class="advisory-td">2022-11-02</td><td label="Modified" class="advisory-td">2022-11-02</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-1110">XML External Entity Injection through a custom View in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2022-43570">CVE-2022-43570</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">8.8, High</td><td class="advisory-td" label="CWE">CWE-611</td><td class="advisory-td" label="Bug">SPL-228310</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform <br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.12<br /> 8.2.9<br /> 9.0.2<br /> 9.0.2209<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.11 and lower<br /> 8.2.0 to 8.2.8<br /> 9.0.0 to 9.0.1<br /> 9.0.2208 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.12</span><br /> <span>8.2.9</span><br /> <span>9.0.2</span><br /> <span>9.0.2209</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Danylo Dmytriiev (DDV_UA)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-1109">SVD-2022-1109</a></td><td label="Published" class="advisory-td">2022-11-02</td><td label="Modified" class="advisory-td">2022-11-02</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-1109">Persistent Cross-Site Scripting via a Data Model object name in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2022-43569">CVE-2022-43569</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">8.0, High</td><td class="advisory-td" label="CWE">CWE-79</td><td class="advisory-td" label="Bug">SPL-228087</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform <br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.12<br /> 8.2.9<br /> 9.0.2<br /> 9.0.2209<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.11 and lower<br /> 8.2.0 to 8.2.8<br /> 9.0.0 to 9.0.1<br /> 9.0.2208 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.12</span><br /> <span>8.2.9</span><br /> <span>9.0.2</span><br /> <span>9.0.2209</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Danylo Dmytriiev (DDV_UA)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-1108">SVD-2022-1108</a></td><td label="Published" class="advisory-td">2022-11-02</td><td label="Modified" class="advisory-td">2022-11-02</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-1108">Reflected Cross-Site Scripting via the radio template in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2022-43568">CVE-2022-43568</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">8.8, High</td><td class="advisory-td" label="CWE">CWE-79</td><td class="advisory-td" label="Bug">SPL-228379</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform <br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.12<br /> 8.2.9<br /> 9.0.2<br /> 9.0.2205<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.11 and lower<br /> 8.2.0 to 8.2.8<br /> 9.0.0 to 9.0.1<br /> 9.0.2203.4 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.12</span><br /> <span>8.2.9</span><br /> <span>9.0.2</span><br /> <span>9.0.2205</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Danylo Dmytriiev (DDV_UA)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-1107">SVD-2022-1107</a></td><td label="Published" class="advisory-td">2022-11-02</td><td label="Modified" class="advisory-td">2022-11-02</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-1107">Remote Code Execution via the Splunk Secure Gateway application Mobile Alerts feature</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2022-43567">CVE-2022-43567</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">8.8, High</td><td class="advisory-td" label="CWE">CWE-502</td><td class="advisory-td" label="Bug">SPL-226837</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform Splunk Secure Gateway<br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.12<br /> 8.2.9<br /> 9.0.2<br /> 9.0.2205<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.11 and lower<br /> 8.2.0 to 8.2.8<br /> 9.0.0 to 9.0.1<br /> 9.0.2203.4 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.12</span><br /> <span>8.2.9</span><br /> <span>9.0.2</span><br /> <span>9.0.2205</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Secure Gateway<br /> Splunk Secure Gateway<br /> Splunk Secure Gateway<br /> Splunk Web<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Danylo Dmytriiev (DDV_UA)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-1106">SVD-2022-1106</a></td><td label="Published" class="advisory-td">2022-11-02</td><td label="Modified" class="advisory-td">2022-11-02</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-1106">Risky command safeguards bypass via Search ID query in Analytics Workspace in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2022-43566">CVE-2022-43566</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N</td><td class="advisory-td" label="CVSS Score">7.3, High</td><td class="advisory-td" label="CWE">CWE-20</td><td class="advisory-td" label="Bug">SPL-223730</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform <br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.12<br /> 8.2.9<br /> 9.0.2<br /> 9.0.2208<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.11 and lower<br /> 8.2.0 to 8.2.8<br /> 9.0.0 to 9.0.1<br /> 9.0.2205 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.12</span><br /> <span>8.2.9</span><br /> <span>9.0.2</span><br /> <span>9.0.2208</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Anton (therceman)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-1105">SVD-2022-1105</a></td><td label="Published" class="advisory-td">2022-11-02</td><td label="Modified" class="advisory-td">2022-11-02</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-1105">Risky command safeguards bypass via ‘tstats’ command JSON in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2022-43565">CVE-2022-43565</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N</td><td class="advisory-td" label="CVSS Score">8.1, High</td><td class="advisory-td" label="CWE">CWE-20</td><td class="advisory-td" label="Bug">SPL-224121</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform <br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.12<br /> 8.2.9<br /> <br /> 9.0.2203<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.11 and lower<br /> 8.2.0 to 8.2.8<br /> Not affected<br /> 9.0.2202 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.12</span><br /> <span>8.2.9</span><br /> <span></span><br /> <span>9.0.2203</span><br /></td><td class="advisory-td" label="Affected Components"> Search<br /> Search<br /> <br /> Search<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Cuong Dong at Splunk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-1104">SVD-2022-1104</a></td><td label="Published" class="advisory-td">2022-11-02</td><td label="Modified" class="advisory-td">2022-11-02</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-1104">Denial of Service in Splunk Enterprise through search macros</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2022-43564">CVE-2022-43564</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H</td><td class="advisory-td" label="CVSS Score">4.9, Medium</td><td class="advisory-td" label="CWE">CWE-400</td><td class="advisory-td" label="Bug">SPL-220964</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform <br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.12<br /> 8.2.9<br /> <br /> 9.0.2205<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.11 and lower<br /> 8.2.0 to 8.2.8<br /> Not affected<br /> 9.0.2203.4 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.12</span><br /> <span>8.2.9</span><br /> <span></span><br /> <span>9.0.2205</span><br /></td><td class="advisory-td" label="Affected Components"> REST API<br /> REST API<br /> <br /> REST API<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-1103">SVD-2022-1103</a></td><td label="Published" class="advisory-td">2022-11-02</td><td label="Modified" class="advisory-td">2022-11-11</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-1103">Risky command safeguards bypass via 'rex' search command field names in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2022-43563">CVE-2022-43563</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N</td><td class="advisory-td" label="CVSS Score">8.1, High</td><td class="advisory-td" label="CWE">CWE-20</td><td class="advisory-td" label="Bug">SPL-223646</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform <br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.12<br /> 8.2.9<br /> <br /> 9.0.2203<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.11 and lower<br /> 8.2.0 to 8.2.8<br /> Not affected<br /> 9.0.2202 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.12</span><br /> <span>8.2.9</span><br /> <span></span><br /> <span>9.0.2203</span><br /></td><td class="advisory-td" label="Affected Components"> Search<br /> Search<br /> <br /> Search<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Cuong Dong at Splunk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-1102">SVD-2022-1102</a></td><td label="Published" class="advisory-td">2022-11-02</td><td label="Modified" class="advisory-td">2022-11-02</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-1102">Host Header Injection in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">Low</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2022-43562">CVE-2022-43562</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N</td><td class="advisory-td" label="CVSS Score">3.0, Low</td><td class="advisory-td" label="CWE">CWE-20</td><td class="advisory-td" label="Bug">SPL-224156</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform <br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.12<br /> 8.2.9<br /> 9.0.2<br /> 9.0.2208<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.11 and lower<br /> 8.2.0 to 8.2.8<br /> 9.0.0 to 9.0.1<br /> 9.0.2205 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.12</span><br /> <span>8.2.9</span><br /> <span>9.0.2</span><br /> <span>9.0.2208</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Ali Mirheidari at Splunk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-1101">SVD-2022-1101</a></td><td label="Published" class="advisory-td">2022-11-02</td><td label="Modified" class="advisory-td">2022-11-02</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-1101">Persistent Cross-Site Scripting in “Save Table” Dialog in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2022-43561">CVE-2022-43561</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">6.4, Medium</td><td class="advisory-td" label="CWE">CWE-79</td><td class="advisory-td" label="Bug">SPL-207040</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform <br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.12<br /> 8.2.9<br /> 9.0.2<br /> 9.0.2208<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.11 and lower<br /> 8.2.0 to 8.2.7=8<br /> 9.0.0 to 9.0.1<br /> 9.0.2205 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.12</span><br /> <span>8.2.9</span><br /> <span>9.0.2</span><br /> <span>9.0.2208</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Mr Hack (try_to_hack)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-1114">SVD-2022-1114</a></td><td label="Published" class="advisory-td">2022-11-01</td><td label="Modified" class="advisory-td">2022-11-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-1114">Splunk’s response to OpenSSL’s CVE-2022-3602 and CVE-2022-3786</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector"></td><td class="advisory-td" label="CVSS Score"></td><td class="advisory-td" label="CWE"></td><td class="advisory-td" label="Bug"></td><td class="advisory-td" label="Affected Product"> Splunk Enterprise <br /> Universal Forwarders <br /> Splunk Cloud Platform <br /> Splunk Observatibility Platform <br /> SOAR Cloud <br /> SOAR <br /> SOAR Automation Broker <br /> Enterprise Security <br /> Splunk Security Essentials <br /> IT Service Intelligence <br /> Splunk UBA <br /> Data Stream Processor <br /> Splunk Addon for Active Directory <br /> Splunk Addon for Add-on for Infrastructure <br /> Splunk Addon for Add-on for Microsoft Exchange <br /> Splunk Addon for Add-on for VMware <br /> Splunk Addon for Amazon Kinesis Firehose <br /> Splunk Addon for Amazon Web Services <br /> Splunk Addon for Apache Web Server <br /> Splunk Addon for Bit9 Carbon Black <br /> Splunk Addon for Blue Coat ProxySG <br /> Splunk Addon for BMC Remedy <br /> Splunk Addon for Box <br /> Splunk Addon for Bromium <br /> Splunk Addon for Check Point OPSEC LEA <br /> Splunk Addon for Cisco ASA <br /> Splunk Addon for Cisco ESA <br /> Splunk Addon for Cisco FireSIGHT <br /> Splunk Addon for Cisco Identity Services <br /> Splunk Addon for Cisco UCS <br /> Splunk Addon for Citrix NetScaler <br /> Splunk Addon for CyberArk <br /> Splunk Addon for F5 BIG-IP <br /> Splunk Addon for Forcepoint Web Security <br /> Splunk Addon for Google Cloud Platform <br /> Splunk Addon for HAProxy <br /> Splunk Addon for IBM WebSphere Application Server <br /> Splunk Addon for Imperva SecureSphere WAF <br /> Splunk Addon for Infoblox <br /> Splunk Addon for ISC BIND <br /> Splunk Addon for ISC DHCP <br /> Splunk Addon for Java Management Extensions <br /> Splunk Addon for JBoss <br /> Splunk Addon for Juniper <br /> Splunk Addon for Kafka <br /> Splunk Addon for Linux <br /> Splunk Addon for McAfee <br /> Splunk Addon for McAfee Web Gateway <br /> Splunk Addon for Microsoft Cloud Services <br /> Splunk Addon for Microsoft Hyper-V <br /> Splunk Addon for Microsoft IIS <br /> Splunk Addon for Microsoft Office 365 <br /> Splunk Addon for Microsoft SQL Server <br /> Splunk Addon for Microsoft Windows <br /> Splunk Addon for MySQL <br /> Splunk Addon for Nagios Core <br /> Splunk Addon for NGINX <br /> Splunk Addon for OPC <br /> Splunk Addon for Oracle Database <br /> Splunk Addon for OSSEC <br /> Splunk Addon for RSA DLP <br /> Splunk Addon for RSA SecurID <br /> Splunk Addon for Salesforce <br /> Splunk Addon for ServiceNow <br /> Splunk Addon for Sophos <br /> Splunk Addon for Squid Proxy <br /> Splunk Addon for Stream Addon for Wire Data <br /> Splunk Addon for Symantec DLP <br /> Splunk Addon for Symantec Endpoint Protection <br /> Splunk Addon for Tomcat <br /> Splunk Addon for Unix and Linux <br /> Splunk Addon for Websense DLP <br /> Splunk Addon for Zeek <br /> Splunk App for AWS <br /> Splunk App for Common Information Model (CIM) <br /> Splunk App for DB Connect <br /> Splunk App for DB Connect - Older Unsupported versions <br /> Splunk App for Info Sec <br /> Splunk App for InfoSec App for Splunk <br /> Splunk App for Infrastructure <br /> Splunk App for IT Essentials Learn <br /> Splunk App for IT Essentials Work <br /> Splunk App for Machine Learning Toolkit (MLTK) and Python for Scientific Computing (PSC) <br /> Splunk App for Microsoft Exchange <br /> Splunk App for NetApp Data ONTAP <br /> Splunk App for PCI Compliance <br /> Splunk App for Security Essentials <br /> Splunk App for Splunk Product Guidance <br /> Splunk App for Stream <br /> Splunk App for Unix and Linux <br /> Splunk App for VMware <br /> Splunk App for Windows <br /> Splunk App for Windows Infrastructure <br /> Splunk Add-on Builder <br /> Splunk AppInspect <br /> Splunk SDKs <br /> Splunk Logging Library for Java <br /> Security Analytics for AWS <br /> Splunk Add-on for VMware Metrics <br /> Splunk App for Content Packs <br /> Splunk App for Infrastructure (SAI) <br /> Splunk App for Mint <br /> Splunk Application Performance Monitoring <br /> Splunk Assist <br /> Splunk Augmented Reality <br /> Splunk Cloud Data Manager (SCDM) <br /> Splunk Cloud Developer Edition <br /> Splunk Connect for Kafka <br /> Splunk Connect for Kubernetes <br /> Splunk Connect for Kubernetes-OpenTelemetry <br /> Splunk Connect for SNMP <br /> Splunk Connect for Syslog <br /> Splunk DB TA LAR <br /> Splunk Edge Hub <br /> Splunk Enterprise Amazon Machine Image (AMI) <br /> Splunk Enterprise Docker Container <br /> Splunk Infrastructure Monitoring <br /> Splunk Log Observer <br /> Splunk Mint Android SDK <br /> Splunk Mint IOS SDK <br /> Splunk Mint Management console <br /> Splunk Mobile <br /> Splunk Network Performance Monitoring <br /> Splunk On-Call/Victor Ops/SSA <br /> Splunk OVA for VMware <br /> Splunk OVA for VMWare Metrics <br /> Splunk Profiling <br /> Splunk Real User Monitoring <br /> Splunk Secure Gateway <br /> Behavioral Analytics <br /> Splunk Stream Forwarder <br /> Splunk Synthetics <br /> Splunk TV <br /> Splunk UBA OVA Software <br /> Splunk VMWare OVA for ITSI <br /></td><td class="advisory-td" label="Fixed Versions"> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /></td><td class="advisory-td" label="Affected Versions"> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /> Not affected<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /> <span></span><br /></td><td class="advisory-td" label="Affected Components"> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"> CVE-2022-3602 - OpenSSL - NA - High - <br /> CVE-2022-3786 - OpenSSL - NA - High - <br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0804">SVD-2022-0804</a></td><td label="Published" class="advisory-td">2022-08-16</td><td label="Modified" class="advisory-td">2023-03-08</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0804">August Third Party Package updates in Splunk Enterprise and Universal Forwarders</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector"></td><td class="advisory-td" label="CVSS Score"></td><td class="advisory-td" label="CWE"></td><td class="advisory-td" label="Bug"></td><td class="advisory-td" label="Affected Product"> Universal Forwarder 8.1<br /> Universal Forwarder 8.2<br /> Universal Forwarder 9.0<br /> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform <br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.11<br /> 8.2.7.1<br /> 9.0.1<br /> 8.1.11<br /> 8.2.7.1<br /> 9.0.1<br /> 9.0.2205<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.10 and lower<br /> 8.2.0 to 8.2.7<br /> 9.0.0<br /> 8.1.10 and lower<br /> 8.2.0 to 8.2.7<br /> 9.0.0<br /> 8.2.2203.4 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.11</span><br /> <span>8.2.7.1</span><br /> <span>9.0.1</span><br /> <span>8.1.11</span><br /> <span>8.2.7.1</span><br /> <span>9.0.1</span><br /> <span>9.0.2205</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /> -<br /> -<br /> -<br /> -<br /> -<br /> -<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"> CVE-2022-2068 - OpenSSL1.0.2 - Upgraded to OpenSSL 1.0.2zf - Informational - <br /> CVE-2021-3541 - libxml2 - Applied patch - Medium - <br /> CVE-2022-29824 - libxml2 - Applied patch - Medium - <br /> CVE-2022-23308 - libxml2 - Applied patch - Informational - <br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0803">SVD-2022-0803</a></td><td label="Published" class="advisory-td">2022-08-16</td><td label="Modified" class="advisory-td">2022-08-16</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0803">Malformed ZIP file crashes Universal Forwarders and Splunk Enterprise through file monitoring input</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2022-37439">CVE-2022-37439</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</td><td class="advisory-td" label="CVSS Score">5.5</td><td class="advisory-td" label="CWE">CWE-409</td><td class="advisory-td" label="Bug">TBD</td><td class="advisory-td" label="Affected Product"> Universal Forwarder 8.1<br /> Universal Forwarder 8.2<br /> Universal Forwarder 9.0<br /> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.11<br /> 8.2.7.1<br /> -<br /> 8.1.11<br /> 8.2.7.1<br /> -<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.10 and lower<br /> 8.2.0 to 8.2.7<br /> Not affected<br /> 8.1.10 and lower<br /> 8.2.0 to 8.2.7<br /> Not affected<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.11</span><br /> <span>8.2.7.1</span><br /> <span>-</span><br /> <span>8.1.11</span><br /> <span>8.2.7.1</span><br /> <span>-</span><br /></td><td class="advisory-td" label="Affected Components"> Monitor Processor<br /> Monitor Processor<br /> -<br /> Monitor Processor<br /> Monitor Processor<br /> -<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Tim Ip at Adobe and Collegiate Penetration Testing Competition (CPTC)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0802">SVD-2022-0802</a></td><td label="Published" class="advisory-td">2022-08-16</td><td label="Modified" class="advisory-td">2022-08-16</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0802">Information disclosure via the dashboard drilldown in Splunk Enterprise</a></td><td label="Severity" class="advisory-td">Low</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2022-37438">CVE-2022-37438</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N</td><td class="advisory-td" label="CVSS Score">2.6</td><td class="advisory-td" label="CWE">CWE-200</td><td class="advisory-td" label="Bug">SPL-221531</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /> Splunk Cloud Platform <br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.11<br /> 8.2.7.1<br /> 9.0.1<br /> 9.0.2205<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.10 and lower<br /> 8.2.0 to 8.2.7<br /> 9.0.0<br /> 8.2.2203.4 and lower<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.11</span><br /> <span>8.2.7.1</span><br /> <span>9.0.1</span><br /> <span>9.0.2205</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /> Splunk Web<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Eric LaMothe at Splunk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0801">SVD-2022-0801</a></td><td label="Published" class="advisory-td">2022-08-16</td><td label="Modified" class="advisory-td">2022-08-16</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0801">Ingest Actions UI in Splunk Enterprise 9.0.0 disabled TLS certificate validation</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2022-37437">CVE-2022-37437</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N</td><td class="advisory-td" label="CVSS Score">7.4</td><td class="advisory-td" label="CWE">CWE-295</td><td class="advisory-td" label="Bug">SPL-224209</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /></td><td class="advisory-td" label="Fixed Versions"> -<br /> -<br /> 9.0.1<br /></td><td class="advisory-td" label="Affected Versions"> Not affected<br /> Not affected<br /> 9.0.0<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>-</span><br /> <span>-</span><br /> <span>9.0.1</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /> -<br /> Ingest Actions<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Eric LaMothe at Splunk<br /> Ali Mirheidari at Splunk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0608">SVD-2022-0608</a></td><td label="Published" class="advisory-td">2022-08-16</td><td label="Modified" class="advisory-td">2022-07-18</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0608">Splunk Enterprise deployment servers allow client publishing of forwarder bundles</a></td><td label="Severity" class="advisory-td">Critical</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2022-32158">CVE-2022-32158</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">9.0</td><td class="advisory-td" label="CWE">CWE-284</td><td class="advisory-td" label="Bug">SPL-176829</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /> Splunk Enterprise 9.0<br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.10.1<br /> 8.2.6.1<br /> -<br /></td><td class="advisory-td" label="Affected Versions"> Versions before 8.1.10.1<br /> 8.2.0 to 8.2.6<br /> Not affected<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.10.1</span><br /> <span>8.2.6.1</span><br /> <span>-</span><br /></td><td class="advisory-td" label="Affected Components"> Deployment Server<br /> Deployment Server<br /> -<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Nadim Taha at Splunk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0607">SVD-2022-0607</a></td><td label="Published" class="advisory-td">2022-08-16</td><td label="Modified" class="advisory-td">2022-07-18</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0607">Splunk Enterprise deployment servers allow unauthenticated forwarder bundle downloads</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2022-32157">CVE-2022-32157</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N</td><td class="advisory-td" label="CVSS Score">7.5</td><td class="advisory-td" label="CWE">CWE-306</td><td class="advisory-td" label="Bug">SPL-176828</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.0<br /></td><td class="advisory-td" label="Fixed Versions"> 9.0.0<br /></td><td class="advisory-td" label="Affected Versions"> Versions before 9.0<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.0.0</span><br /></td><td class="advisory-td" label="Affected Components"> Deployment Server<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Nadim Taha at Splunk<br /> Paul Schultze at E.ON Digital Technology GmbH<br /> Martin Müller at Consist<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0606">SVD-2022-0606</a></td><td label="Published" class="advisory-td">2022-06-14</td><td label="Modified" class="advisory-td">2022-07-18</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0606">Splunk Enterprise and Universal Forwarder CLI connections lacked TLS certificate validation</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2022-32156">CVE-2022-32156</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N</td><td class="advisory-td" label="CVSS Score">7.4</td><td class="advisory-td" label="CWE">CWE-295</td><td class="advisory-td" label="Bug">SPL-49451</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.0<br /> Universal Forwarder 9.0<br /></td><td class="advisory-td" label="Fixed Versions"> 9.0.0<br /> 9.0.0<br /></td><td class="advisory-td" label="Affected Versions"> Versions before 9.0<br /> Versions before 9.0<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.0.0</span><br /> <span>9.0.0</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /> -<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Chris Green at Splunk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0605">SVD-2022-0605</a></td><td label="Published" class="advisory-td">2022-06-14</td><td label="Modified" class="advisory-td">2022-06-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0605">Universal Forwarder management services allow remote login by default</a></td><td label="Severity" class="advisory-td">Info</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2022-32155">CVE-2022-32155</a></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-140396</td><td class="advisory-td" label="Affected Product"> Universal Forwarder 9.0<br /></td><td class="advisory-td" label="Fixed Versions"> 9.0.0<br /></td><td class="advisory-td" label="Affected Versions"> Versions before 9.0<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.0.0</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Chris Green at Splunk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0604">SVD-2022-0604</a></td><td label="Published" class="advisory-td">2022-06-14</td><td label="Modified" class="advisory-td">2022-07-18</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0604">Risky commands warnings in Splunk Enterprise dashboards</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2022-32154">CVE-2022-32154</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N</td><td class="advisory-td" label="CVSS Score">6.8</td><td class="advisory-td" label="CWE">CWE-20</td><td class="advisory-td" label="Bug">SPL-201816</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.0<br /> Splunk Cloud Platform -<br /></td><td class="advisory-td" label="Fixed Versions"> 9.0.0<br /> 8.1.2106<br /></td><td class="advisory-td" label="Affected Versions"> Versions before 9.0<br /> Versions before 8.1.2106<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.0.0</span><br /> <span>8.1.2106</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /> -<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Chris Green at Splunk<br /> Danylo Dmytriiev (DDV_UA)<br /> Anton (therceman)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0603">SVD-2022-0603</a></td><td label="Published" class="advisory-td">2022-06-14</td><td label="Modified" class="advisory-td">2022-07-18</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0603">Splunk Enterprise lacked TLS host name certificate validation</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2022-32153">CVE-2022-32153</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">8.1</td><td class="advisory-td" label="CWE">CWE-297</td><td class="advisory-td" label="Bug">SPL-202894</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.0<br /> Splunk Cloud Platform -<br /></td><td class="advisory-td" label="Fixed Versions"> 9.0.0<br /> 8.2.2203<br /></td><td class="advisory-td" label="Affected Versions"> Versions before 9.0<br /> Versions before 8.2.2203<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.0.0</span><br /> <span>8.2.2203</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /> -<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Chris Green at Splunk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0602">SVD-2022-0602</a></td><td label="Published" class="advisory-td">2022-06-14</td><td label="Modified" class="advisory-td">2022-07-18</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0602">Splunk Enterprise lacked TLS certificate validation for Splunk-to-Splunk communication by default</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2022-32152">CVE-2022-32152</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">8.1</td><td class="advisory-td" label="CWE">CWE-295</td><td class="advisory-td" label="Bug">SPL-114067, SPL-138957</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.0<br /> Splunk Cloud Platform -<br /></td><td class="advisory-td" label="Fixed Versions"> 9.0.0<br /> 8.2.2203<br /></td><td class="advisory-td" label="Affected Versions"> Versions before 9.0<br /> Versions before 8.2.2203<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.0.0</span><br /> <span>8.2.2203</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /> -<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Chris Green at Splunk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0601">SVD-2022-0601</a></td><td label="Published" class="advisory-td">2022-06-14</td><td label="Modified" class="advisory-td">2022-07-18</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0601">Splunk Enterprise disabled TLS validation using the CA certificate stores in Python 3 libraries by default</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2022-32151">CVE-2022-32151</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N</td><td class="advisory-td" label="CVSS Score">7.4</td><td class="advisory-td" label="CWE">CWE-295</td><td class="advisory-td" label="Bug">SPL-173641, SPL-129677</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 9.0<br /> Splunk Cloud Platform -<br /></td><td class="advisory-td" label="Fixed Versions"> 9.0.0<br /> 8.2.2203<br /></td><td class="advisory-td" label="Affected Versions"> Versions before 9.0<br /> Versions before 8.2.2203<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>9.0.0</span><br /> <span>8.2.2203</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /> -<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Chris Green at Splunk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0507">SVD-2022-0507</a></td><td label="Published" class="advisory-td">2022-05-03</td><td label="Modified" class="advisory-td">2022-05-03</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0507">Error message discloses internal path</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2022-26070">CVE-2022-26070</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N</td><td class="advisory-td" label="CVSS Score">4.3</td><td class="advisory-td" label="CWE">CWE-200</td><td class="advisory-td" label="Bug">SPL-180503</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.0<br /></td><td class="advisory-td" label="Affected Versions"> Versions below 8.1<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.0</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Dipak Prajapati (Lethal)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0506">SVD-2022-0506</a></td><td label="Published" class="advisory-td">2022-05-03</td><td label="Modified" class="advisory-td">2022-05-03</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0506">Path Traversal in search parameter results in external content injection</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2022-26889">CVE-2022-26889</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">8.8</td><td class="advisory-td" label="CWE">CWE-20</td><td class="advisory-td" label="Bug">SPL-197247</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.2<br /> -<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.1 and earlier<br /> Not affected<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.2</span><br /> <span>-</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Web<br /> -<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Jason Tsang Mui Chung<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0505">SVD-2022-0505</a></td><td label="Published" class="advisory-td">2022-05-03</td><td label="Modified" class="advisory-td">2022-05-03</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0505">Reflected XSS in a query parameter of the Monitoring Console</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2022-27183">CVE-2022-27183</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">8.8</td><td class="advisory-td" label="CWE">CWE-79</td><td class="advisory-td" label="Bug">SPL-201205</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.4<br /> -<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.3 and earlier<br /> Not affected<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.4</span><br /> <span>-</span><br /></td><td class="advisory-td" label="Affected Components"> Splunk Monitoring Console<br /> -<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Danylo Dmytriiev (DDV_UA)<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0504">SVD-2022-0504</a></td><td label="Published" class="advisory-td">2022-05-03</td><td label="Modified" class="advisory-td">2022-05-03</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0504">Bypass of Splunk Enterprise's implementation of DUO MFA</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2021-26253">CVE-2021-26253</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">8.1</td><td class="advisory-td" label="CWE">CWE-287</td><td class="advisory-td" label="Bug">SPL-172887</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.6<br /> -<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.5 and earlier<br /> Not affected<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.6</span><br /> <span>-</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /> -<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Sanket Bhimani<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0503">SVD-2022-0503</a></td><td label="Published" class="advisory-td">2022-05-03</td><td label="Modified" class="advisory-td">2022-05-03</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0503">S2S TcpToken authentication bypass </a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2021-31559">CVE-2021-31559</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N</td><td class="advisory-td" label="CVSS Score">7.5</td><td class="advisory-td" label="CWE">CWE-288</td><td class="advisory-td" label="Bug">SPL-203370</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.5<br /> 8.2.1<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.4 and earlier<br /> 8.2.0<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.5</span><br /> <span>8.2.1</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /> -<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Chris Samley at GE<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0502">SVD-2022-0502</a></td><td label="Published" class="advisory-td">2022-05-03</td><td label="Modified" class="advisory-td">2022-05-03</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0502">Username enumeration through lockout message in REST API</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2021-33845">CVE-2021-33845</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N</td><td class="advisory-td" label="CVSS Score">5.3</td><td class="advisory-td" label="CWE">CWE-203</td><td class="advisory-td" label="Bug">SPL-194168</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.7<br /> -<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.6 and earlier<br /> Not affected<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.7</span><br /> <span>-</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /> -<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Kyle Bambrick at Splunk<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0501">SVD-2022-0501</a></td><td label="Published" class="advisory-td">2022-05-03</td><td label="Modified" class="advisory-td">2022-05-03</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0501">Local privilege escalation via a default path in Splunk Enterprise Windows</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2021-42743">CVE-2021-42743</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H</td><td class="advisory-td" label="CVSS Score">8.8</td><td class="advisory-td" label="CWE">CWE-427</td><td class="advisory-td" label="Bug">SPL-195186</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /></td><td class="advisory-td" label="Fixed Versions"> 8.1.1<br /> -<br /></td><td class="advisory-td" label="Affected Versions"> 8.1.0 and earlier<br /> Not affected<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>8.1.1</span><br /> <span>-</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /> -<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0301">SVD-2022-0301</a></td><td label="Published" class="advisory-td">2022-03-24</td><td label="Modified" class="advisory-td">2022-05-03</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SVD-2022-0301">Indexer denial-of-service via malformed S2S request</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"> <a class="advisory-no-link advisory-link" rel="nofollow noopener noreferrer" href="https://www.cve.org/CVERecord?id=CVE-2021-3422">CVE-2021-3422</a></td><td class="advisory-td" label="CVSS Vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</td><td class="advisory-td" label="CVSS Score">7.5</td><td class="advisory-td" label="CWE">CWE-125</td><td class="advisory-td" label="Bug">SPL-198396</td><td class="advisory-td" label="Affected Product"> Splunk Enterprise 7.3<br /> Splunk Enterprise 8.0<br /> Splunk Enterprise 8.1<br /> Splunk Enterprise 8.2<br /></td><td class="advisory-td" label="Fixed Versions"> 7.3.9<br /> 8.0.9<br /> 8.1.3<br /> -<br /></td><td class="advisory-td" label="Affected Versions"> 7.3.8 and earlier<br /> 8.0.0 to 8.0.8<br /> 8.1.0 to 8.1.2<br /> Not affected<br /></td><td class="affected-versions-datatable" label="All Affected Versions"> <span>7.3.9</span><br /> <span>8.0.9</span><br /> <span>8.1.3</span><br /> <span>-</span><br /></td><td class="advisory-td" label="Affected Components"> -<br /> -<br /> -<br /> -<br /></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"> Sharon Brizinov and Tal Keren of Claroty<br /></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/log4j">SVD-2021-1201</a></td><td label="Published" class="advisory-td">2021-12-10</td><td label="Modified" class="advisory-td">2022-01-07</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/log4j">Splunk Security Advisory for Apache Log4j (CVE-2021-44228, CVE-2021-45046 and others)</a></td><td label="Severity" class="advisory-td">Critical</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector"></td><td class="advisory-td" label="CVSS Score"></td><td class="advisory-td" label="CWE"></td><td class="advisory-td" label="Bug"></td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"> CVE-2021-44228 - - - - <br /> CVE-2021-45046 - - - - <br /></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAQAF">SP-CAAAQAF</a></td><td label="Published" class="advisory-td">2019-02-19</td><td label="Modified" class="advisory-td">2019-02-19</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAQAF">Persistent Cross Site Scripting in Splunk Web (SPL-138827, CVE-2019-5727)</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">7.3</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-138827</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAQAD">SP-CAAAQAD</a></td><td label="Published" class="advisory-td">2019-01-14</td><td label="Modified" class="advisory-td">2019-01-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAQAD">Untrusted TLS server certs verification is not present (CVE-2019-5729)</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAP5T">SP-CAAAP5T</a></td><td label="Published" class="advisory-td">2018-09-28</td><td label="Modified" class="advisory-td">2018-09-28</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAP5T">Splunk Enterprise and Splunk Light address multiple vulnerabilities</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAP5E">SP-CAAAP5E</a></td><td label="Published" class="advisory-td">2018-06-18</td><td label="Modified" class="advisory-td">2018-06-18</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAP5E">Splunk response to CVE-2018-11409: Information Exposure</a></td><td label="Severity" class="advisory-td">Low</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAPUE">SP-CAAAPUE</a></td><td label="Published" class="advisory-td">2017-12-15</td><td label="Modified" class="advisory-td">2016-12-22</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAPUE">Splunk Enterprise 6.4.5 addresses multiple vulnerabilities</a></td><td label="Severity" class="advisory-td">-</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-129207, SPL-128812</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAP3M">SP-CAAAP3M</a></td><td label="Published" class="advisory-td">2017-11-27</td><td label="Modified" class="advisory-td">2017-11-27</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAP3M">Splunk response to Potential Local Privilege Escalation through instructions to run Splunk as non-root user</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAP3K">SP-CAAAP3K</a></td><td label="Published" class="advisory-td">2017-11-14</td><td label="Modified" class="advisory-td">2017-11-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAP3K">Splunk Enterprise 7.0.0.1/7.0.1, 6.6.3.2/6.6.4, 6.5.6, 6.4.9 and 6.3.12 address multiple SAML vulnerabilitiesSplunk Enterprise and Splunk Light address multiple vulnerabilities</a></td><td label="Severity" class="advisory-td">Critical</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAP3H">SP-CAAAP3H</a></td><td label="Published" class="advisory-td">2017-08-21</td><td label="Modified" class="advisory-td">2017-08-21</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAP3H">Splunk Enterprise 6.6.3 and Splunk Light 6.6.3 address multiple vulnerabilities</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAP2U">SP-CAAAP2U</a></td><td label="Published" class="advisory-td">2017-06-06</td><td label="Modified" class="advisory-td">2017-07-24</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAP2U">Splunk Enterprise 6.3.11 and Splunk Light 6.5.3 address one vulnerability</a></td><td label="Severity" class="advisory-td">Low</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-135602</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAPZ3">SP-CAAAPZ3</a></td><td label="Published" class="advisory-td">2017-05-05</td><td label="Modified" class="advisory-td">2017-05-12</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAPZ3">Splunk Enterprise 6.5.3, 6.2.13.1 and Splunk Light 6.5.2 address multiple vulnerabilities</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAP2F">ERP-2041</a></td><td label="Published" class="advisory-td">2017-05-05</td><td label="Modified" class="advisory-td">2017-05-12</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAP2F">Splunk response to Path Traversal vulnerability in Splunk Hadoop Connect App</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAP2K">SP-CAAAP2K</a></td><td label="Published" class="advisory-td">2017-03-24</td><td label="Modified" class="advisory-td">2017-03-24</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAP2K">Splunk Enterprise 6.4.7 and Splunk Light 6.5.3 address multiple vulnerabilities</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-135650, SPL-137327, SPL-135341</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAPYC">SP-CAAAPYC</a></td><td label="Published" class="advisory-td">2017-02-23</td><td label="Modified" class="advisory-td">2017-08-07</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAPYC">Splunk Enterprise 6.4.6 and Splunk Light 6.5.2 address one vulnerability</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAPW8">SP-CAAAPW8</a></td><td label="Published" class="advisory-td">2017-01-25</td><td label="Modified" class="advisory-td">2017-01-25</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAPW8">Splunk Enterprise 6.2.13 addresses multiple vulnerabilities</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-130721, SPL-130279</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAPSV">SP-CAAAPSV</a></td><td label="Published" class="advisory-td">2016-11-12</td><td label="Modified" class="advisory-td">2016-12-22</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAPSV">Splunk Enterprise 6.5.1 addresses multiple OpenSSL vulnerabilities</a></td><td label="Severity" class="advisory-td">-</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAPSR">SP-CAAAPSR</a></td><td label="Published" class="advisory-td">2016-11-10</td><td label="Modified" class="advisory-td">2017-06-06</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAPSR">Splunk Enterprise 6.5.0, 6.4.4, 6.3.8, 6.2.12, 6.1.12, 6.0.13, and 5.0.17 address multiple vulnerabilitiess</a></td><td label="Severity" class="advisory-td">-</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAPQ6">SP-CAAAPQ6</a></td><td label="Published" class="advisory-td">2016-08-22</td><td label="Modified" class="advisory-td">2016-08-22</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAPQ6">Splunk Enterprise 6.4.3 and Splunk Light 6.4.3 address one vulnerability</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-117212</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAPQM">SP-CAAAPQM</a></td><td label="Published" class="advisory-td">2016-07-28</td><td label="Modified" class="advisory-td">2016-07-28</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAPQM">Splunk Enterprise 6.4.2, 6.3.6, 6.2.11, 6.1.11, 6.0.12, 5.0.16 and Splunk Light 6.4.2 address multiple security vulnerabilities</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAPN9">SP-CAAAPN9</a></td><td label="Published" class="advisory-td">2016-06-06</td><td label="Modified" class="advisory-td">2016-06-06</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAPN9">Splunk Enterprise 6.3.5 and Splunk Light 6.3.5 address two vulnerabilities</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAPKV">SP-CAAAPKV</a></td><td label="Published" class="advisory-td">2016-04-06</td><td label="Modified" class="advisory-td">2016-04-06</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAPKV">Splunk Enterprise 6.3.3.4, 6.2.9. 6.1.10, 6.0.11, and 5.0.15 and Splunk Light 6.3.3.4 and 6.2.9 address multiple vulnerabilities</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAPC3">SP-CAAAPC3</a></td><td label="Published" class="advisory-td">2015-11-19</td><td label="Modified" class="advisory-td">2015-11-19</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAPC3">Splunk response to Path Traversal vulnerability in Splunk Hadoop Connect App</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-106324</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAPAM">SP-CAAAPAM</a></td><td label="Published" class="advisory-td">2015-09-14</td><td label="Modified" class="advisory-td">2015-09-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAPAM">Splunk 4.2.3 addresses two vulnerabilities</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-104724</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAN7C">SP-CAAAN7C</a></td><td label="Published" class="advisory-td">2015-07-07</td><td label="Modified" class="advisory-td">2015-07-07</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAN7C">Splunk Enterprise 6.2.4 and Splunk Light 6.2.4 address two vulnerabilities</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-101718, SPL-100313</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAN4P">SP-CAAAN4P</a></td><td label="Published" class="advisory-td">2015-05-27</td><td label="Modified" class="advisory-td">2015-05-27</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAN4P">Splunk Enterprise 6.1.8, 6.0.9, and 5.0.13 address multiple vulnerabilities</a></td><td label="Severity" class="advisory-td">Low</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">2.6</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-98351</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAN84">SP-CAAAN84</a></td><td label="Published" class="advisory-td">2015-05-11</td><td label="Modified" class="advisory-td">2015-10-07</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAN84">Splunk Enterprise 6.2.5, 6.1.9, 6.0.10, 5.0.14 and Splunk Light 6.2.5 address multiple vulnerabilities</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-102133, SPL-103044</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAANZ7">SP-CAAANZ7</a></td><td label="Published" class="advisory-td">2015-04-30</td><td label="Modified" class="advisory-td">2015-08-13</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAANZ7">Splunk Enterprise 6.2.3 and Splunk Light 6.2.3 address five vulnerabilities</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-98531, SPL-96280, SPL-95798, SPL-95594</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAANXD">SP-CAAANXD</a></td><td label="Published" class="advisory-td">2015-03-24</td><td label="Modified" class="advisory-td">2015-03-24</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAANXD">Splunk Enterprise 6.2.2 addresses two vulnerabilities</a></td><td label="Severity" class="advisory-td">Medium</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-95206, SPL-95205, SPL-95204, SPL-97914, SPL-91660</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAANV8">SP-CAAANV8</a></td><td label="Published" class="advisory-td">2015-02-23</td><td label="Modified" class="advisory-td">2015-02-23</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAANV8">Splunk Enterprise 6.2.2 addresses two vulnerabilities</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-95203, SPL-93754</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAANVJ">SP-CAAANVJ</a></td><td label="Published" class="advisory-td">2015-01-28</td><td label="Modified" class="advisory-td">2015-01-29</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAANVJ">Splunk response to "GHOST" Vulnerability (CVE-2015-0235)</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAANU5">SP-CAAANU5</a></td><td label="Published" class="advisory-td">2015-01-28</td><td label="Modified" class="advisory-td">2015-01-29</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAANU5">Splunk response to January 2015 OpenSSL vulnerabilities</a></td><td label="Severity" class="advisory-td">High</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAANST">SP-CAAANST</a></td><td label="Published" class="advisory-td">2014-11-19</td><td label="Modified" class="advisory-td">2014-11-19</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAANST">Splunk Enterprise versions 6.0.7 and 5.0.11 address three vulnerabilities</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-91947, SPL-92062, SPL-89216</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAANR7">SP-CAAANR7</a></td><td label="Published" class="advisory-td">2014-11-11</td><td label="Modified" class="advisory-td">2014-11-11</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAANR7">Splunk Enterprise 6.1.5 addresses two vulnerabilities</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">4.3</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-91948, SPL-92061</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAANKE">SP-CAAANKE</a></td><td label="Published" class="advisory-td">2014-10-14</td><td label="Modified" class="advisory-td">2014-12-23</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAANKE">Splunk response to SSLv3 "POODLE" vulnerability (CVE-2014-3566)</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">5.4</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAANHS">SP-CAAANHS</a></td><td label="Published" class="advisory-td">2014-09-30</td><td label="Modified" class="advisory-td">2014-11-20</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAANHS">Splunk Enterprise 6.1.4 and 5.0.10 address four vulnerabilities</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-88585, SPL-88587, SPL-88588, SPL-89216, SPL-85579, SPL-85360</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAANJN">SP-CAAANJN</a></td><td label="Published" class="advisory-td">2014-09-29</td><td label="Modified" class="advisory-td">2014-09-30</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAANJN">Splunk response to "shellshock" vulnerabilities</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAANE2">SP-CAAANE2</a></td><td label="Published" class="advisory-td">2014-09-03</td><td label="Modified" class="advisory-td">2014-09-24</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAANE2">Splunk Enterprise 6.0.6 addresses two vulnerabilities</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-88587, SPL-85360</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAM9H">SP-CAAAM9H</a></td><td label="Published" class="advisory-td">2014-08-04</td><td label="Modified" class="advisory-td">2014-08-04</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAM9H">Splunk Enterprise 6.1.3 addresses two vulnerabilities</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-85595, SPL-84887</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAM2D">SP-CAAAM2D</a></td><td label="Published" class="advisory-td">2014-07-01</td><td label="Modified" class="advisory-td">2014-07-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAM2D">Splunk 6.0.3 addresses two vulnerabilities</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-85063, SPL-85063</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAMSH">SP-CAAAMSH</a></td><td label="Published" class="advisory-td">2014-05-09</td><td label="Modified" class="advisory-td">2014-05-14</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAMSH">Splunk Enterprise 6.0.4 addresses one vulnerability</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">3.5</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-79922</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAMB3">SP-CAAAMB3</a></td><td label="Published" class="advisory-td">2014-04-10</td><td label="Modified" class="advisory-td"></td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAMB3">Splunk 6.0.3 addresses two vulnerabilities</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAKQX">SP-CAAAKQX</a></td><td label="Published" class="advisory-td">2014-03-28</td><td label="Modified" class="advisory-td">2014-03-28</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAKQX">Splunk 5.0.8 addresses one vulnerability</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">3.5</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-74017</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAJD5">SP-CAAAJD5</a></td><td label="Published" class="advisory-td">2013-12-17</td><td label="Modified" class="advisory-td">2014-03-25</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAJD5">Splunk 6.0.1 addresses one vulnerability</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">7.8</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-75668</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAJCD">SP-CAAAJCD</a></td><td label="Published" class="advisory-td">2013-11-15</td><td label="Modified" class="advisory-td">2013-12-17</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAJCD">Splunk 5.0.6 addresses one vulnerability</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">3.5</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-74327</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAH76">SP-CAAAH76</a></td><td label="Published" class="advisory-td">2013-09-23</td><td label="Modified" class="advisory-td">2014-03-10</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAH76">Splunk 5.0.5 addresses one vulnerability</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-70250</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAH32">SP-CAAAH32</a></td><td label="Published" class="advisory-td">2013-07-29</td><td label="Modified" class="advisory-td">2013-07-29</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAH32">Splunk 5.0.4 addresses one vulnerability</a></td><td label="Severity" class="advisory-td">-</td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector"></td><td class="advisory-td" label="CVSS Score">1</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-65987</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAHXG">SP-CAAAHXG</a></td><td label="Published" class="advisory-td">2013-05-28</td><td label="Modified" class="advisory-td">2013-05-28</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAHXG">Splunk 5.0.3 addresses multiple vulnerabilities</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-59895, SPL-60250, SPL-61546</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAHSQ">SP-CAAAHSQ</a></td><td label="Published" class="advisory-td">2013-04-20</td><td label="Modified" class="advisory-td">2013-04-20</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAHSQ">Splunk 4.3.6 addresses one vulnerability</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">4.0</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-60629</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAHB4">SP-CAAAHB4</a></td><td label="Published" class="advisory-td">2012-11-16</td><td label="Modified" class="advisory-td">2012-11-16</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAHB4">Splunk 4.3.5 and 5.0 address three vulnerabilities</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-50671, SPL-5515, SPL-55521</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAHDG">SP-CAAAHDG</a></td><td label="Published" class="advisory-td">2012-11-01</td><td label="Modified" class="advisory-td">2012-11-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAHDG">Splunk 5.0 updates to python 2.7.3, addressing two vulnerabilities</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAGTK">SP-CAAAGTK</a></td><td label="Published" class="advisory-td">2012-03-05</td><td label="Modified" class="advisory-td">2012-03-26</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAGTK">Splunk 4.3.1 addresses one vulnerability</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-38585</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAGMM">SP-CAAAGMM</a></td><td label="Published" class="advisory-td">2011-12-12</td><td label="Modified" class="advisory-td">2011-12-20</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAGMM">Splunk 4.2.5 addresses three vulnerabilities</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-44614, SPL-45172, SPL-45243</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAGGH">SP-CAAAGGH</a></td><td label="Published" class="advisory-td">2011-10-19</td><td label="Modified" class="advisory-td">2011-10-19</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAGGH">Splunk 4.2.4 addresses two vulnerabilities</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-42471, SPL-42474</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAGD3">SP-CAAAGD3</a></td><td label="Published" class="advisory-td">2011-08-09</td><td label="Modified" class="advisory-td">2011-08-09</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAGD3">Splunk 4.2.3 addresses two vulnerabilities</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-40804, SPL-40645</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAF72">SP-CAAAF72</a></td><td label="Published" class="advisory-td">2011-06-15</td><td label="Modified" class="advisory-td">2011-06-15</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAF72">Open Redirect in Splunk Web</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">3.6</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-38704</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAF5K">SP-CAAAF5K</a></td><td label="Published" class="advisory-td">2011-04-18</td><td label="Modified" class="advisory-td">2011-04-18</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAF5K">Reflected XSS with Splunk Web</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">6.0</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-38585</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAFW6">SP-CAAAFW6</a></td><td label="Published" class="advisory-td">2011-02-10</td><td label="Modified" class="advisory-td">2011-2-10</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAFW6">Splunk 4.1.7 addresses five security vulnerabilities</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-34355, SPL-35709, SPL-35710, SPL-37226, SPL-37227</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAFVU">SP-CAAAFVU</a></td><td label="Published" class="advisory-td">2010-12-01</td><td label="Modified" class="advisory-td">2010-12-01</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAFVU">Splunk 4.1.6 updates OpenSSL to 0.9.8p address CVE-2010-3864</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAFQ6">SP-CAAAFQ6</a></td><td label="Published" class="advisory-td">2010-09-09</td><td label="Modified" class="advisory-td">2010-09-09</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAFQ6">Splunk 4.1.5 addresses two security vulnerabilities</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-31061, SPL-31094</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAFHY">SP-CAAAFHY</a></td><td label="Published" class="advisory-td">2010-06-07</td><td label="Modified" class="advisory-td">2010-06-07</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAFHY">Cross-site Scripting in Splunk Web with 404 Responses in Internet Explorer</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">4</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAFGS">SP-CAAAFGS</a></td><td label="Published" class="advisory-td">2010-05-10</td><td label="Modified" class="advisory-td">2010-05-10</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAFGS">Vulnerability in example PAM authentication script</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">-</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr><tr class="advisory-tr"><td label="SVD" class="advisory-td"><a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAFGD">SP-CAAAFGD</a></td><td label="Published" class="advisory-td">2010-05-03</td><td label="Modified" class="advisory-td">2010-05-03</td><td label="Title" class="advisory-td advisory-td-title"> <a class="advisory-no-link advisory-link" href="/advisories/SP-CAAAFGD">Splunk Critical Maintenance Release and Patch</a></td><td label="Severity" class="advisory-td"></td><td label="CVE" class="advisory-td"></td><td class="advisory-td" label="CVSS Vector">-</td><td class="advisory-td" label="CVSS Score">-</td><td class="advisory-td" label="CWE">-</td><td class="advisory-td" label="Bug">SPL-31194, SPL-31063, SPL-31067, SPL-31084, SPL-31084, SPL-31085, SPL-31066</td><td class="advisory-td" label="Affected Product"></td><td class="advisory-td" label="Fixed Versions"></td><td class="advisory-td" label="Affected Versions"></td><td class="affected-versions-datatable" label="All Affected Versions"></td><td class="advisory-td" label="Affected Components"></td><td class="advisory-td" label="Description"></td><td class="advisory-td" label="Solution"></td><td class="advisory-td" label="Mitigations"></td><td class="advisory-td" label="Severity Summary"></td><td class="advisory-td" label="OSS"></td><td class="advisory-td" label="Credit"></td></tr></tbody></table></div><p> </p></section></article></div></div><div id="footer" class="page__footer"><footer><div class="page__footer-follow"><ul class="social-icons"><li><a href="mailto:prodsec@splunk.com" rel="nofollow noopener noreferrer" class="advisory-icon-a"><i class="fa-regular fa-envelope advisory-icon-i"></i> Email</a></li><li><a href="/feed.xml" rel="nofollow noopener noreferrer" class="advisory-icon-a"><i class="fa-solid fa-rss advisory-icon-i"></i> RSS Feed</a></li><li><a href="https://login.splunk.com/page/sso_redirect?type=portal" rel="nofollow noopener noreferrer" class="advisory-icon-a"><i class="fa-solid fa-link advisory-icon-i"></i> Support</a></li></ul></div><div class="page__footer-copyright">© 2005 - 2024 Splunk Inc. All rights reserved.</div><div class="page__footer-links"><a href="https://www.splunk.com/en_us/legal.html" rel="nofollow noopener noreferrer">Legal</a> <a href="https://www.splunk.com/en_us/legal/privacy/privacy-policy.html" rel="nofollow noopener noreferrer">Privacy<a/> <a href="https://www.splunk.com/en_us/legal/terms/terms-of-use.html" rel="nofollow noopener noreferrer">Website Terms of Use<a/></div></footer></div></body></html>