Splunk Cloud Platform 9.0.2305.100

CPE Details

Splunk Cloud Platform 9.0.2305.100
splunk
splunk_cloud_platform
9.0.2305.100
2023-09-16
01h55 +00:00
2023-09-16
01h55 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:splunk:splunk_cloud_platform:9.0.2305.100:*:*:*:*:*:*:*

Informations

Vendor

splunk

Product

splunk_cloud_platform

Version

9.0.2305.100

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-45732 2024-10-14 17h03 +00:00 In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a search as the "nobody" Splunk user in the SplunkDeploymentServerConfig app. This could let the low-privileged user access potentially restricted data.
7.1
Haute
CVE-2024-45740 2024-10-14 17h03 +00:00 In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript code in the browser of a user.
5.4
Moyen
CVE-2023-40597 2023-08-30 16h19 +00:00 In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.
8.8
Haute
CVE-2023-40593 2023-08-30 16h19 +00:00 In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon.
7.5
Haute
CVE-2023-40594 2023-08-30 16h19 +00:00 In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance.
7.5
Haute
CVE-2023-40592 2023-08-30 16h19 +00:00 In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance.
8.4
Haute
CVE-2023-40595 2023-08-30 16h19 +00:00 In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code.
8.8
Haute
CVE-2023-40598 2023-08-30 16h19 +00:00 In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform Instance.
8.8
Haute