advisory.splunk.com
2606:50c0:8001::153
Public Scan
Submitted URL: https://s1528.t.en25.com/e/er?s=1528&lid=63023&elqTrackId=5c9966778fb34723a64a72f1acf6e85b&elq=e2516d919c5749b2b7aeaed2c9...
Effective URL: https://advisory.splunk.com/?utm_medium=email&utm_source=eloqua&utm_campaign=GLBLFY24Q2_GLBL_CSM_EMAL_CPA_EN_SecVulnerabilit...
Submission: On June 05 via manual from AU — Scanned from CA
Form analysis
0 forms found in the DOM

Text Content
CRITICAL SECURITY ALERTS, QUARTERLY SECURITY PATCHES, AND THIRD PARTY BULLETINS

Subscribe to our RSS feed for Splunk Product Security announcements

This page lists announcements of security fixes made in Critical Security Alerts, Quarterly Security Patch Updates, and Third Party Bulletins. For all Advisories, Announcements, and Bulletins, see the Security Advisories list.

CRITICAL SECURITY ALERTS

Splunk will publish out-of-band advisories for vulnerabilities that are time-sensitive as soon as possible.

| SVD | Date | Title | Severity | CVE |
|---|---|---|---|---|
| SVD-2022-0608 | 2022-08-16 | Splunk Enterprise deployment servers allow client publishing of forwarder bundles | Critical | CVE-2022-32158 |
| SVD-2022-0607 | 2022-08-16 | Splunk Enterprise deployment servers allow unauthenticated forwarder bundle downloads | High | CVE-2022-32157 |
| SVD-2022-0606 | 2022-06-14 | Splunk Enterprise and Universal Forwarder CLI connections lacked TLS certificate validation | High | CVE-2022-32156 |
| SVD-2022-0605 | 2022-06-14 | Universal Forwarder management services allow remote login by default | Info | CVE-2022-32155 |
| SVD-2022-0604 | 2022-06-14 | Risky commands warnings in Splunk Enterprise dashboards | Medium | CVE-2022-32154 |
| SVD-2022-0603 | 2022-06-14 | Splunk Enterprise lacked TLS host name certificate validation | High | CVE-2022-32153 |
| SVD-2022-0602 | 2022-06-14 | Splunk Enterprise lacked TLS certificate validation for Splunk-to-Splunk communication by default | High | CVE-2022-32152 |
| SVD-2022-0601 | 2022-06-14 | Splunk Enterprise disabled TLS validation using the CA certificate stores in Python 3 libraries by default | High | CVE-2022-32151 |
| SVD-2022-0301 | 2022-03-24 | Indexer denial-of-service via malformed S2S request | High | CVE-2021-3422 |

QUARTERLY SECURITY PATCH UPDATES

Security Updates are collections of security fixes for supported versions of Splunk products.

We plan to create Security Patch Updates and make them available through scheduled cloud releases or on-premises maintenance releases for supported versions of Splunk products at the time of the quarterly advisory disclosure. When patches can not be backported due to technical feasibility or otherwise, we will publish mitigation and additional compensating control guidance. Security Patch Updates are published quarterly in February, June, August and November. Customers are encouraged to sign up for our RSS feed to receive a notification when advisories have been published.

| SVD | Date | Title | Severity | CVE |
|---|---|---|---|---|
| SVD-2023-0612 | 2023-06-01 | Role-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results | Medium | CVE-2023-32717 |
| SVD-2023-0611 | 2023-06-01 | Denial of Service via the 'dump' SPL command | Medium | CVE-2023-32716 |
| SVD-2023-0610 | 2023-06-01 | Self Cross-Site Scripting (XSS) on Splunk App for Lookup File Editing | Medium | CVE-2023-32715 |
| SVD-2023-0609 | 2023-06-01 | Information Disclosure via the ‘copyresults’ SPL Command | Medium | CVE-2023-32710 |
| SVD-2023-0608 | 2023-06-01 | Path Traversal in Splunk App for Lookup File Editing | High | CVE-2023-32714 |
| SVD-2023-0607 | 2023-06-01 | Local Privilege Escalation via the ‘streamfwd’ program in Splunk App for Stream | High | CVE-2023-32713 |
| SVD-2023-0606 | 2023-06-01 | Unauthenticated Log Injection on '/var/log/splunk/web_service.log' Log File | Low | CVE-2023-32712 |
| SVD-2023-0605 | 2023-06-01 | Persistent Cross-Site Scripting (XSS) through a URL Validation Bypass within a Dashboard View | Medium | CVE-2023-32711 |
| SVD-2023-0604 | 2023-06-01 | Low-privileged User can View Hashed Default Splunk Password | Medium | CVE-2023-32709 |
| SVD-2023-0603 | 2023-06-01 | HTTP Response Splitting via the ‘rest’ SPL Command | High | CVE-2023-32708 |
| SVD-2023-0602 | 2023-06-01 | ‘edit_user’ Capability Privilege Escalation | High | CVE-2023-32707 |
| SVD-2023-0601 | 2023-06-01 | Denial Of Service due to Untrusted XML Tag in XML Parser within SAML Authentication | High | CVE-2023-32706 |
| SVD-2023-0213 | 2023-02-14 | Modular Input REST API Requests Connect via HTTP after Certificate Validation Failure in Splunk Add-on Builder and Splunk CloudConnect SDK | Medium | CVE-2023-22943 |
| SVD-2023-0212 | 2023-02-14 | Cross-Site Request Forgery in the ‘ssg/kvstore_client’ REST Endpoint in Splunk Enterprise | Medium | CVE-2023-22942 |
| SVD-2023-0211 | 2023-02-14 | Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon | Medium | CVE-2023-22941 |
| SVD-2023-0210 | 2023-02-14 | SPL Command Safeguards Bypass via the ‘collect’ SPL Command Aliases in Splunk Enterprise | Medium | CVE-2023-22940 |
| SVD-2023-0209 | 2023-02-14 | SPL Command Safeguards Bypass via the ‘map’ SPL Command in Splunk Enterprise | High | CVE-2023-22939 |
| SVD-2023-0208 | 2023-02-14 | Permissions Validation Failure in the ‘sendemail’ REST API Endpoint in Splunk Enterprise | Medium | CVE-2023-22938 |
| SVD-2023-0207 | 2023-02-14 | Unnecessary File Extensions Allowed by Lookup Table Uploads in Splunk Enterprise | Medium | CVE-2023-22937 |
| SVD-2023-0206 | 2023-02-14 | Authenticated Blind Server Side Request Forgery via the ‘search_listener’ Search Parameter in Splunk Enterprise | Medium | CVE-2023-22936 |
| SVD-2023-0205 | 2023-02-14 | SPL Command Safeguards Bypass via the ‘display.page.search.patterns.sensitivity’ Search Parameter in Splunk Enterprise | High | CVE-2023-22935 |
| SVD-2023-0204 | 2023-02-14 | SPL Command Safeguards Bypass via the ‘pivot’ SPL Command in Splunk Enterprise | High | CVE-2023-22934 |
| SVD-2023-0203 | 2023-02-14 | Persistent Cross-Site Scripting through the ‘module’ Tag in a View in Splunk Enterprise | High | CVE-2023-22933 |
| SVD-2023-0202 | 2023-02-14 | Persistent Cross-Site Scripting through a Base64-encoded Image in a View in Splunk Enterprise | High | CVE-2023-22932 |
| SVD-2023-0201 | 2023-02-14 | ‘createrss’ External Search Command Overwrites Existing RSS Feeds in Splunk Enterprise | Medium | CVE-2023-22931 |
| SVD-2022-1112 | 2022-11-02 | Indexing blockage via malformed data sent through S2S or HEC protocols in Splunk Enterprise | High | CVE-2022-43572 |
| SVD-2022-1111 | 2022-11-02 | Remote Code Execution through dashboard PDF generation component in Splunk Enterprise | High | CVE-2022-43571 |
| SVD-2022-1110 | 2022-11-02 | XML External Entity Injection through a custom View in Splunk Enterprise | High | CVE-2022-43570 |
| SVD-2022-1109 | 2022-11-02 | Persistent Cross-Site Scripting via a Data Model object name in Splunk Enterprise | High | CVE-2022-43569 |
| SVD-2022-1108 | 2022-11-02 | Reflected Cross-Site Scripting via the radio template in Splunk Enterprise | High | CVE-2022-43568 |
| SVD-2022-1107 | 2022-11-02 | Remote Code Execution via the Splunk Secure Gateway application Mobile Alerts feature | High | CVE-2022-43567 |
| SVD-2022-1106 | 2022-11-02 | Risky command safeguards bypass via Search ID query in Analytics Workspace in Splunk Enterprise | High | CVE-2022-43566 |
| SVD-2022-1105 | 2022-11-02 | Risky command safeguards bypass via ‘tstats’ command JSON in Splunk Enterprise | High | CVE-2022-43565 |
| SVD-2022-1104 | 2022-11-02 | Denial of Service in Splunk Enterprise through search macros | Medium | CVE-2022-43564 |
| SVD-2022-1103 | 2022-11-02 | Risky command safeguards bypass via 'rex' search command field names in Splunk Enterprise | High | CVE-2022-43563 |
| SVD-2022-1102 | 2022-11-02 | Host Header Injection in Splunk Enterprise | Low | CVE-2022-43562 |
| SVD-2022-1101 | 2022-11-02 | Persistent Cross-Site Scripting in “Save Table” Dialog in Splunk Enterprise | Medium | CVE-2022-43561 |
| SVD-2022-0803 | 2022-08-16 | Malformed ZIP file crashes Universal Forwarders and Splunk Enterprise through file monitoring input | Medium | CVE-2022-37439 |
| SVD-2022-0802 | 2022-08-16 | Information disclosure via the dashboard drilldown in Splunk Enterprise | Low | CVE-2022-37438 |
| SVD-2022-0801 | 2022-08-16 | Ingest Actions UI in Splunk Enterprise 9.0.0 disabled TLS certificate validation | High | CVE-2022-37437 |
| SVD-2022-0507 | 2022-05-03 | Error message discloses internal path | Medium | CVE-2022-26070 |
| SVD-2022-0506 | 2022-05-03 | Path Traversal in search parameter results in external content injection | High | CVE-2022-26889 |
| SVD-2022-0505 | 2022-05-03 | Reflected XSS in a query parameter of the Monitoring Console | High | CVE-2022-27183 |
| SVD-2022-0504 | 2022-05-03 | Bypass of Splunk Enterprise's implementation of DUO MFA | High | CVE-2021-26253 |
| SVD-2022-0503 | 2022-05-03 | S2S TcpToken authentication bypass | High | CVE-2021-31559 |
| SVD-2022-0502 | 2022-05-03 | Username enumeration through lockout message in REST API | Medium | CVE-2021-33845 |
| SVD-2022-0501 | 2022-05-03 | Local privilege escalation via a default path in Splunk Enterprise Windows | High | CVE-2021-42743 |

THIRD-PARTY BULLETINS

Third-Party Bulletins announce security patches for third-party software. Splunk publishes Third Party Bulletins on the same day as Critical Security Alerts or Quarterly Security Patch Updates.

| SVD | Date | Title | Severity | CVE |
|---|---|---|---|---|
| SVD-2023-0615 | 2023-06-01 | June Third Party Package Updates in Splunk Cloud | High | Multiple |
| SVD-2023-0614 | 2023-06-01 | June Third Party Package Updates in Splunk Universal Forwarders | Critical | Multiple |
| SVD-2023-0613 | 2023-06-01 | June Third Party Package Updates in Splunk Enterprise | High | Multiple |
| SVD-2023-0215 | 2023-02-14 | February Third Party Package Updates in Splunk Enterprise | High | Multiple |
| SVD-2023-0214 | 2023-02-14 | Splunk Response to the Apache Software Foundation Publishing a Vulnerability on Apache Commons Text (CVE-2022-42889) (Text4Shell) | Informational | CVE-2022-42889 |
| SVD-2022-1113 | 2022-11-02 | November Third Party Package updates in Splunk Enterprise | High | CVE-2020-36518, CVE-2021-32036 |
| SVD-2022-1114 | 2022-11-01 | Splunk’s response to OpenSSL’s CVE-2022-3602 and CVE-2022-3786 | High | CVE-2022-3602, CVE-2022-3786 |
| SVD-2022-0804 | 2022-08-16 | August Third Party Package updates in Splunk Enterprise and Universal Forwarders | Medium | Multiple |
| SVD-2021-1201 | 2021-12-10 | Splunk Security Advisory for Apache Log4j (CVE-2021-44228, CVE-2021-45046 and others) | Critical | CVE-2021-44228, CVE-2021-45046 |

POLICY ON INFORMATION PROVIDED IN CRITICAL SECURITY ALERT AND SECURITY PATCH UPDATES

Splunk continuously monitors for vulnerabilities discovered through scans, offensive exercises, employees or externally reported by vendors or researchers. Splunk follows industry best practices to discover and remediate vulnerabilities.

To report a security vulnerability, please submit to the Security Vulnerability Submission Portal. Splunk will not provide additional information about the specifics of vulnerabilities beyond what is provided in the Critical Security Alert or the Security Patch Update. Splunk does not distribute active exploit code (i.e. proof of concept code) for vulnerabilities in our products.

APPLICABILITY OF CRITICAL SECURITY ALERTS AND QUARTERLY SECURITY UPDATES

The Splunk teams regularly evaluate Critical Security Alerts, Quarterly Security Patch Updates and Third Party bulletins as they become available and apply the relevant patches in accordance with applicable change management processes. Customers requiring additional information that is not addressed in the Critical Patch Update Advisory may obtain information by going to the Support Portal and submitting a New Case.

© 2005 - 2023 Splunk Inc. All rights reserved.