Splunk 9.3.1 Enterprise Edition

CPE Details

Splunk 9.3.1 Enterprise Edition
splunk
splunk
9.3.1
2025-01-27
12h22 +00:00
2025-01-27
12h22 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:splunk:splunk:9.3.1:*:*:*:enterprise:*:*:*

Informations

Vendor

splunk

Product

splunk

Version

9.3.1

Software Edition

enterprise

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-53244 2024-12-10 18h01 +00:00 In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on “/en-US/app/search/report“ endpoint through “s“ parameter.
The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.
5.7
Medium
CVE-2024-45739 2024-10-14 17h03 +00:00 In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level.
4.9
Medium