Multiple vulnerabilities in Splunk Enterprise



Published: 2024-01-22
Risk: Low
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2024-23675, CVE-2024-23676, CVE-2024-23677, CVE-2024-23678
CWE-ID: CWE-284, CWE-20, CWE-532, CWE-502
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Splunk Enterprise (Server applications / IDS/IPS systems, Firewalls and proxy servers)
Vendor: Splunk Inc.

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Improper access control

EUVDB-ID: #VU85686

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-23675

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote user to delete certain data.

The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions and delete KV Store collections.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Splunk Enterprise: 9.0.0 - 9.1.2

External links

http://advisory.splunk.com/advisories/SVD-2024-0105


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU85685

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-23676

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists because the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. A remote user can gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Splunk Enterprise: 9.0.0 - 9.1.2

External links

http://advisory.splunk.com/advisories/SVD-2024-0106


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Inclusion of Sensitive Information in Log Files

EUVDB-ID: #VU85684

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-23677

CWE-ID: CWE-532 - Information Exposure Through Log Files

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists because the RapidDiag utility discloses server responses to an external application upload request in a log file. A remote user can read the log files and gain access to sensitive data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Splunk Enterprise: 9.0.0 - 9.0.7

External links

http://advisory.splunk.com/advisories/SVD-2024-0107


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Deserialization of Untrusted Data

EUVDB-ID: #VU85683

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-23678

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insecure input validation when processing serialized data from a separate disk partition on the machine. A local user can pass specially crafted input to the application and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Splunk Enterprise: 9.0.0 - 9.1.2

External links

http://advisory.splunk.com/advisories/SVD-2024-0108


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


