Splunk Enterprise update for third-party components
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 23 |
| CVE-ID | CVE-2023-47627 CVE-2022-40899 CVE-2023-32681 CVE-2022-40898 CVE-2022-40896 CVE-2022-40897 CVE-2023-5752 CVE-2024-3651 CVE-2023-37920 CVE-2023-45803 CVE-2023-43804 CVE-2023-37276 CVE-2023-35116 CVE-2018-10237 CVE-2023-2976 CVE-2020-8908 CVE-2022-36364 CVE-2023-39410 CVE-2023-34455 CVE-2023-34454 CVE-2023-34453 CVE-2023-43642 CVE-2021-29425 |
| CWE-ID | CWE-444 CWE-185 CWE-200 CWE-20 CWE-1333 CWE-77 CWE-400 CWE-345 CWE-789 CWE-276 CWE-94 CWE-502 CWE-190 CWE-770 CWE-22 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #11 is available. |
| Vulnerable software |
Splunk Enterprise Server applications / IDS/IPS systems, Firewalls and proxy servers |
| Vendor | Splunk Inc. |
Security Bulletin
This security bulletin contains information about 23 vulnerabilities.
1) Inconsistent interpretation of HTTP requests
EUVDB-ID: #VU83631
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-47627
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests when AIOHTTP_NO_EXTENSIONS is enabled. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.2.0
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.0:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-0718
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Incorrect Regular Expression
EUVDB-ID: #VU71137
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-40899
CWE-ID:
CWE-185 - Incorrect Regular Expression
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation when processing the Set-Cookie header. A remote attacker can send a specially crafted HTTP request to the application and perform a regular expression denial of service (ReDoS) attack.
Install update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.2.0
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.0:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-0718
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information disclosure
EUVDB-ID: #VU77164
Risk: Medium
CVSSv4.0: 5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2023-32681
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.2.0
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.0:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-0718
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Input validation error
EUVDB-ID: #VU71377
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-40898
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input passed to wheel cli. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.2.0
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.0:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-0718
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Inefficient regular expression complexity
EUVDB-ID: #VU82226
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-40896
CWE-ID:
CWE-1333 - Inefficient Regular Expression Complexity
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions in pygments/lexers/smithy.py. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
Install update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.2.0
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.0:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-0718
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Incorrect Regular Expression
EUVDB-ID: #VU71379
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-40897
CWE-ID:
CWE-185 - Incorrect Regular Expression
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing HTML content. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
Install update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.2.0
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.0:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-0718
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Command Injection
EUVDB-ID: #VU84849
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-5752
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper input validation when installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip. A remote attacker who controls the repository can use the specified Mercurial revision to inject arbitrary configuration options to the "hg clone" call (ie "--config").
MitigationInstall update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.2.0
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.0:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-0718
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Resource exhaustion
EUVDB-ID: #VU88828
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-3651
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the idna.encode() function. A remote attacker can pass an overly long domain name to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.2.0
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.0:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-0718
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Insufficient verification of data authenticity
EUVDB-ID: #VU79296
Risk: Medium
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-37920
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exist due to software recognizes "e-Tugra" root certificates, which were subject to an investigation prompted by reporting of security issues in their systems. An attacker with ability to generate certificates signed with the compromised "e-Tugra" root certificate can perform MitM attack.
Install update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.2.0
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.0:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-0718
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Information disclosure
EUVDB-ID: #VU82978
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-45803
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to urllib3 does not remove the HTTP request body when redirecting HTTP response using status codes 301, 302, or 303, after the request had its method changed from one that could accept a request body (e.g. from POST to GET). A remote attacker can gain access to potentially sensitive information.
Install update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.2.0
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.0:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-0718
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Information disclosure
EUVDB-ID: #VU81322
Risk: Low
CVSSv4.0: 2.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2023-43804
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to urllib does not strip the "Cookie" HTTP header during cross-origin HTTP redirects. A remote attacker can gain unauthorized access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.2.0
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.0:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-0718
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
12) Inconsistent interpretation of HTTP requests
EUVDB-ID: #VU78448
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-37276
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests in the aiohttp.web.Application. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.2.0
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.0:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-0718
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper input validation
EUVDB-ID: #VU82122
Risk: Low
CVSSv4.0: 0.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-35116
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to perform service disruption.
The vulnerability exists due to improper input validation within the Oracle Database Fleet Patching and Provisioning (jackson-databind) in Oracle Database Server. A remote authenticated user can exploit this vulnerability to perform service disruption.
MitigationInstall update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.2.0
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.0:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-0718
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Uncontrolled memory allocation
EUVDB-ID: #VU12886
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-10237
CWE-ID:
CWE-789 - Uncontrolled Memory Allocation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to unbounded memory allocation. A remote attacker can cause the service to crash and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
Install update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.2.0
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.0:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-0718
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Incorrect default permissions
EUVDB-ID: #VU77107
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-2976
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions in com.google.common.io.FileBackedOutputStream. A local user with access to the system can view contents of files and directories or modify them.
MitigationInstall update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.2.0
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.0:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-0718
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Incorrect default permissions
EUVDB-ID: #VU50139
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-8908
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions for files located in the temporary directory set by the Guava com.google.common.io.Files.createTempDir(). A local user with access to the system can view contents of files and directories or modify them.
MitigationInstall update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.2.0
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.0:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-0718
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Code Injection
EUVDB-ID: #VU65864
Risk: Medium
CVSSv4.0: 6.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-36364
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in JDBC driver, which creates HTTP client instances based on class names provided via "httpclient_impl" connection property. The driver does not verify if the class implements the expected interface before instantiating it. A remote user with ability to control JDBC connection parameters can inject arbitrary class name and execute code on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.2.0
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.0:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-0718
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Deserialization of Untrusted Data
EUVDB-ID: #VU83219
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-39410
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to reader can consume memory beyond the allowed constraints and thus lead to out of memory on the system, when deserializing untrusted or corrupted data. A remote attacker can pass specially crafted data to the application and perform a denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.2.0
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.0:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-0718
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Resource exhaustion
EUVDB-ID: #VU77362
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-34455
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.2.0
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.0:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-0718
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Integer overflow
EUVDB-ID: #VU77361
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-34454
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in compress. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.2.0
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.0:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-0718
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Integer overflow
EUVDB-ID: #VU77359
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-34453
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in shuffle. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.2.0
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.0:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-0718
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Allocation of Resources Without Limits or Throttling
EUVDB-ID: #VU82454
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-43642
CWE-ID:
CWE-770 - Allocation of Resources Without Limits or Throttling
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to missing upper bound check on chunk length. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.2.0
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.0:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-0718
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Path traversal
EUVDB-ID: #VU52252
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-29425
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error within the FileNameUtils.normalize method when processing directory traversal sequences, such as "//../foo", or "\..foo". A remote attacker can send a specially crafted request and verify files availability in the parent folder.
Install update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.2.0
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.0:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-0718
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
