Skip to main content

Splunk Products Multiple Vulnerabilities

Last Update Date: 20 Feb 2023 Release Date: 16 Feb 2023 4183 Views

RISK: Medium Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

Multiple vulnerabilities were identified in Splunk Products. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure, data manipulation, denial of service, elevation of privilege, security restriction bypass and cross-site scripting on the targeted system.

 

[Updated on 2023-02-20] 

Updated System / Technologies affected, Solutions, Vulnerability Identifier and Related Links.


Impact

  • Cross-Site Scripting
  • Information Disclosure
  • Data Manipulation
  • Security Restriction Bypass
  • Denial of Service
  • Elevation of Privilege

System / Technologies affected

  • Splunk Add-on Builder: cloudconnectlib 4.1.1 and lower
  • Splunk CloudConnect SDK: 3.1.2 and lower
  • Splunk Cloud Platform: Search 8.2.2202 and lower
  • Splunk Cloud Platform: Splunk Web 9.0.2209 and lower
  • Splunk Enterprise: Search 8.1.12 and lower
  • Splunk Enterprise: Search 8.2.0 to 8.2.9
  • Splunk Enterprise: Splunk Web 8.1.12 and lower
  • Splunk Enterprise: Splunk Web 8.2.0 to 8.2.9
  • Splunk Enterprise: Splunk Web 9.0.0 to 9.0.3

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link