Splunk Products Multiple Vulnerabilities
Last Update Date:
20 Feb 2023
Release Date:
16 Feb 2023
4768
Views
RISK: Medium Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities were identified in Splunk Products. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure, data manipulation, denial of service, elevation of privilege, security restriction bypass and cross-site scripting on the targeted system.
[Updated on 2023-02-20]
Updated System / Technologies affected, Solutions, Vulnerability Identifier and Related Links.
Impact
- Cross-Site Scripting
- Information Disclosure
- Data Manipulation
- Security Restriction Bypass
- Denial of Service
- Elevation of Privilege
System / Technologies affected
- Splunk Add-on Builder: cloudconnectlib 4.1.1 and lower
- Splunk CloudConnect SDK: 3.1.2 and lower
- Splunk Cloud Platform: Search 8.2.2202 and lower
- Splunk Cloud Platform: Splunk Web 9.0.2209 and lower
- Splunk Enterprise: Search 8.1.12 and lower
- Splunk Enterprise: Search 8.2.0 to 8.2.9
- Splunk Enterprise: Splunk Web 8.1.12 and lower
- Splunk Enterprise: Splunk Web 8.2.0 to 8.2.9
- Splunk Enterprise: Splunk Web 9.0.0 to 9.0.3
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- https://advisory.splunk.com/advisories/SVD-2023-0213
- https://advisory.splunk.com/advisories/SVD-2023-0207
- https://advisory.splunk.com/advisories/SVD-2023-0202
- https://advisory.splunk.com//advisories/SVD-2023-0201
- https://advisory.splunk.com//advisories/SVD-2023-0203
- https://advisory.splunk.com//advisories/SVD-2023-0204
- https://advisory.splunk.com//advisories/SVD-2023-0205
- https://advisory.splunk.com//advisories/SVD-2023-0206
- https://advisory.splunk.com//advisories/SVD-2023-0208
- https://advisory.splunk.com//advisories/SVD-2023-0209
- https://advisory.splunk.com//advisories/SVD-2023-0210
- https://advisory.splunk.com//advisories/SVD-2023-0211
- https://advisory.splunk.com//advisories/SVD-2023-0212
Vulnerability Identifier
- CVE-2023-22932
- CVE-2023-22937
- CVE-2023-22943
- CVE-2023-22931
- CVE-2023-22933
- CVE-2023-22934
- CVE-2023-22935
- CVE-2023-22936
- CVE-2023-22938
- CVE-2023-22939
- CVE-2023-22940
- CVE-2023-22941
- CVE-2023-22942
Source
Related Link
- https://www.auscert.org.au/bulletins/ESB-2023.0895
- https://www.auscert.org.au/bulletins/ESB-2023.0894
- https://www.auscert.org.au/bulletins/ESB-2023.0893
- https://advisory.splunk.com/advisories/SVD-2023-0213
- https://advisory.splunk.com/advisories/SVD-2023-0207
- https://advisory.splunk.com/advisories/SVD-2023-0202
- https://advisory.splunk.com//advisories/SVD-2023-0201
- https://advisory.splunk.com//advisories/SVD-2023-0203
- https://advisory.splunk.com//advisories/SVD-2023-0204
- https://advisory.splunk.com//advisories/SVD-2023-0205
- https://advisory.splunk.com//advisories/SVD-2023-0206
- https://advisory.splunk.com//advisories/SVD-2023-0208
- https://advisory.splunk.com//advisories/SVD-2023-0209
- https://advisory.splunk.com//advisories/SVD-2023-0210
- https://advisory.splunk.com//advisories/SVD-2023-0211
- https://advisory.splunk.com//advisories/SVD-2023-0212
Related Tags
Share with