CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-45741
Persistent Cross-Site Scripting (XSS) via props.conf on Splunk Enterprise
Description: In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" parameter from the "/manager/search/apps/local" endpoint in Splunk Web calls. This could result in execution of unauthorized JavaScript code in the browser of a user.

CVSS: MEDIUM (5.4)

EPSS Score: 0.05%

Source: CVE
January 3rd, 2025 (7 months ago)

CVE-2024-45740
Persistent Cross-Site Scripting (XSS) through Scheduled Views on Splunk Enterprise
Description: In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript code in the browser of a user.

CVSS: MEDIUM (5.4)

EPSS Score: 0.05%

Source: CVE
January 3rd, 2025 (7 months ago)

CVE-2024-45739
Sensitive information disclosure in AdminManager logging channel
Description: In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level.

CVSS: MEDIUM (4.9)

EPSS Score: 0.05%

Source: CVE
January 3rd, 2025 (7 months ago)

CVE-2024-45738
Sensitive information disclosure in REST_Calls logging channel
Description: In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG logging level.

CVSS: MEDIUM (4.9)

EPSS Score: 0.05%

Source: CVE
January 3rd, 2025 (7 months ago)

CVE-2024-45737
Maintenance mode state change of App Key Value Store (KVStore) through Cross-Site Request Forgery (CSRF)
Description: In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF).

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
January 3rd, 2025 (7 months ago)

CVE-2024-45736
Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon
Description: In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly formatted "INGEST_EVAL" parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd).

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
January 3rd, 2025 (7 months ago)

CVE-2024-45735
Improper Access Control for low-privileged user in Splunk Secure Gateway App
Description: In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway App.

CVSS: MEDIUM (4.3)

EPSS Score: 0.05%

Source: CVE
January 3rd, 2025 (7 months ago)

CVE-2024-45734
Low Privilege User can View Images on the Host Machine by using the PDF Export feature in Splunk Classic Dashboard
Description: In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboards. The images on the machine could be exposed by exporting the dashboard as a PDF, using the local image path in the img tag in the source extensible markup language (XML) code for the Splunk classic dashboard.

CVSS: MEDIUM (4.3)

EPSS Score: 0.05%

Source: CVE
January 3rd, 2025 (7 months ago)

CVE-2024-45733
Remote Code Execution (RCE) due to insecure session storage configuration in Splunk Enterprise on Windows
Description: In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration.

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE
January 3rd, 2025 (7 months ago)

CVE-2024-45732
Low-privileged user could run search as nobody in SplunkDeploymentServerConfig app
Description: In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a search as the "nobody" Splunk user in the SplunkDeploymentServerConfig app. This could let the low-privileged user access potentially restricted data.

CVSS: HIGH (7.1)

EPSS Score: 0.05%

Source: CVE
January 3rd, 2025 (7 months ago)