Splunk Cloud 9.1.2312

CPE Details

Splunk Cloud 9.1.2312
splunk
cloud
9.1.2312
2025-03-13
11h06 +00:00
2025-03-13
11h06 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:splunk:cloud:9.1.2312:*:*:*:*:*:*:*

Informations

Vendor

splunk

Product

cloud

Version

9.1.2312

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-36986 2024-07-01 16h30 +00:00 In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics Workspace. The vulnerability requires the authenticated user to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.
6.3
Medium
CVE-2024-36989 2024-07-01 16h30 +00:00 In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance receive.
6.5
Medium
CVE-2024-36987 2024-07-01 16h30 +00:00 In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk roles could upload a file with an arbitrary extension using the indexing/preview REST endpoint.
6.5
Medium
CVE-2024-23675 2024-01-22 20h37 +00:00 In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections.
6.5
Medium