8.8

CVSS3.1

CVE-2024-45733 - Remote Code Execution (RCE) due to insecure session storage configuration in Splunk Enterprise on W…

In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration.

📅 Published: Oct. 14, 2024, 5:03 p.m. 🔄 Last Modified: Feb. 28, 2025, 11:03 a.m.

7.1

CVSS3.1

CVE-2024-45732 - Low-privileged user could run search as nobody in SplunkDeploymentServerConfig app

In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a search as the "nobody" Splunk user …

📅 Published: Oct. 14, 2024, 5:03 p.m. 🔄 Last Modified: Feb. 28, 2025, 11:03 a.m.

6.5

CVSS3.1

CVE-2024-45736 - Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly formatted "INGEST_EVAL" para…

📅 Published: Oct. 14, 2024, 5:03 p.m. 🔄 Last Modified: Feb. 28, 2025, 11:03 a.m.

5.4

CVSS3.1

CVE-2024-45741 - Persistent Cross-Site Scripting (XSS) via props.conf on Splunk Enterprise

In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" parameter …

📅 Published: Oct. 14, 2024, 5:03 p.m. 🔄 Last Modified: Feb. 28, 2025, 11:04 a.m.

4.3

CVSS3.1

CVE-2024-45734 - Low Privilege User can View Images on the Host Machine by using the PDF Export feature in Splunk Cl…

In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboards. The images on the machine could be exposed …

📅 Published: Oct. 14, 2024, 5:03 p.m. 🔄 Last Modified: Feb. 28, 2025, 11:03 a.m.

5.4

CVSS3.1

CVE-2024-45740 - Persistent Cross-Site Scripting (XSS) through Scheduled Views on Splunk Enterprise

In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript code …

📅 Published: Oct. 14, 2024, 5:03 p.m. 🔄 Last Modified: Feb. 28, 2025, 11:03 a.m.

8

CVSS3.1

CVE-2024-45731 - Potential Remote Command Execution (RCE) through arbitrary file write to Windows system root direct…

In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for Wind…

📅 Published: Oct. 14, 2024, 4:46 p.m. 🔄 Last Modified: Feb. 28, 2025, 11:03 a.m.

4.3

CVSS3.1

CVE-2024-45735 - Improper Access Control for low-privileged user in Splunk Secure Gateway App

In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value Store (KV Store) deployment configuration an…

📅 Published: Oct. 14, 2024, 4:45 p.m. 🔄 Last Modified: Feb. 28, 2025, 11:03 a.m.

8.8

CVSS3.1

CVE-2023-50780 - Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans

Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could ev…

📅 Published: Oct. 14, 2024, 4:03 p.m. 🔄 Last Modified: March 19, 2025, 9:15 p.m.

5.9

CVSS3.1

CVE-2024-8184 - Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks

There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.

📅 Published: Oct. 14, 2024, 3:09 p.m. 🔄 Last Modified: Nov. 3, 2025, 8:17 p.m.