Splunk Security Announcements https://advisory.splunk.com/feed.xml Splunk Security Announcements en 2023 Splunk <![CDATA[SVD-2024-0112: Third-Party Package Updates in Splunk Add-on Builder - January 2024]]> Splunk remedied common vulnerabilities and exposures (CVEs) in Third-Party Packages in Splunk Add-on Builder version 4.1.4.

]]>
Tue, 30 Jan 2024 00:00:00 +0000 https://advisory.splunk.com//advisories/SVD-2024-0112 Security Advisory
<![CDATA[SVD-2024-0111: Sensitive Information Disclosure to Internal Log Files in Splunk Add-on Builder]]> In Splunk Add-on Builder versions below 4.1.4, the app writes sensitive information to internal log files.

]]>
Tue, 30 Jan 2024 00:00:00 +0000 https://advisory.splunk.com//advisories/SVD-2024-0111 Security Advisory
<![CDATA[SVD-2024-0110: Session Token Disclosure to Internal Log Files in Splunk Add-on Builder]]> In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on.

]]>
Tue, 30 Jan 2024 00:00:00 +0000 https://advisory.splunk.com//advisories/SVD-2024-0110 Security Advisory
<![CDATA[SVD-2024-0109: Third-Party Package Updates in Splunk Enterprise - January 2024]]> Splunk remedied common vulnerabilities and exposures (CVEs) in Third-Party Packages in Splunk Enterprise versions 9.0.8 and 9.1.3.

]]>
Mon, 22 Jan 2024 00:00:00 +0000 https://advisory.splunk.com//advisories/SVD-2024-0109 Security Advisory
<![CDATA[SVD-2024-0108: Deserialization of Untrusted Data on Splunk Enterprise for Windows through Path Traversal from Separate Disk Partition]]> In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability only affects Splunk Enterprise for Windows.

]]>
Mon, 22 Jan 2024 00:00:00 +0000 https://advisory.splunk.com//advisories/SVD-2024-0108 Security Advisory
<![CDATA[SVD-2024-0107: Server Response Disclosure in RapidDiag Salesforce.com Log File]]> In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file.

]]>
Mon, 22 Jan 2024 00:00:00 +0000 https://advisory.splunk.com//advisories/SVD-2024-0107 Security Advisory
<![CDATA[SVD-2024-0106: Sensitive Information Disclosure of Index Metrics through “mrollup” SPL Command]]> In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit.

]]>
Mon, 22 Jan 2024 00:00:00 +0000 https://advisory.splunk.com//advisories/SVD-2024-0106 Security Advisory
<![CDATA[SVD-2024-0105: Splunk App Key Value Store (KV Store) Improper Handling of Permissions Leads to KV Store Collection Deletion]]> In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections.

]]>
Mon, 22 Jan 2024 00:00:00 +0000 https://advisory.splunk.com//advisories/SVD-2024-0105 Security Advisory
<![CDATA[SVD-2024-0104: Splunk User Behavior Analytics (UBA) Third-Party Package Updates]]> Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk User Behavior Analytics (UBA) versions 5.3.0 and 5.2.1.

]]>
Tue, 09 Jan 2024 00:00:00 +0000 https://advisory.splunk.com//advisories/SVD-2024-0104 Security Advisory
<![CDATA[SVD-2024-0103: Splunk Enterprise Security (ES) Third-Party Package Updates - January 2024]]> Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Enterprise Security (ES) versions 7.1.2, 7.2.0, and higher.

]]>
Tue, 09 Jan 2024 00:00:00 +0000 https://advisory.splunk.com//advisories/SVD-2024-0103 Security Advisory
<![CDATA[SVD-2024-0102: Denial of Service in Splunk Enterprise Security of the Investigations manager through Investigation creation]]> In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.
The vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users.

]]>
Tue, 09 Jan 2024 00:00:00 +0000 https://advisory.splunk.com//advisories/SVD-2024-0102 Security Advisory
<![CDATA[SVD-2024-0101: Denial of Service of an Investigation in Splunk Enterprise Security through Investigation attachments]]> In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible.

]]>
Tue, 09 Jan 2024 00:00:00 +0000 https://advisory.splunk.com//advisories/SVD-2024-0101 Security Advisory
<![CDATA[SVD-2023-1107: November 2023 Splunk Universal Forwarder Third-Party Updates]]> Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Universal Forwarder versions 9.0.7 and 9.1.2.

]]>
Thu, 16 Nov 2023 00:00:00 +0000 https://advisory.splunk.com//advisories/SVD-2023-1107 Security Advisory
<![CDATA[SVD-2023-1106: November 2023 Third-Party Package Updates in Splunk Cloud Platform]]> Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in versions 9.1.2308.100 of Splunk Cloud Platform.

]]>
Thu, 16 Nov 2023 00:00:00 +0000 https://advisory.splunk.com//advisories/SVD-2023-1106 Security Advisory
<![CDATA[SVD-2023-1105: November 2023 Third Party Package updates in Splunk Enterprise]]> Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in versions 9.0.7 and 9.1.2 of Splunk Enterprise.

]]>
Thu, 16 Nov 2023 00:00:00 +0000 https://advisory.splunk.com//advisories/SVD-2023-1105 Security Advisory
<![CDATA[SVD-2023-1104: Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing]]> In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.

]]>
Thu, 16 Nov 2023 00:00:00 +0000 https://advisory.splunk.com//advisories/SVD-2023-1104 Security Advisory