Splunk Cloud 9.1.2308

CPE Details

Splunk Cloud 9.1.2308
splunk
cloud
9.1.2308
2023-11-25
02h54 +00:00
2023-11-25
02h54 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:splunk:cloud:9.1.2308:*:*:*:*:*:*:*

Informations

Vendor

splunk

Product

cloud

Version

9.1.2308

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-36982 2024-07-01 16h31 +00:00 In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an attacker could trigger a null pointer reference on the cluster/config REST endpoint, which could result in a crash of the Splunk daemon.
7.5
Haute
CVE-2024-36986 2024-07-01 16h30 +00:00 In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics Workspace. The vulnerability requires the authenticated user to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.
6.3
Moyen
CVE-2024-23676 2024-01-22 20h37 +00:00 In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit.
4.6
Moyen
CVE-2024-23675 2024-01-22 20h37 +00:00 In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections.
6.5
Moyen