Splunk 產品多個漏洞
發佈日期:
2025年03月27日
381
觀看次數
風險: 中度風險
類型: 保安軟件及應用設備 - 保安軟件及應用設備
於 Splunk 產品發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發跨網站指令碼、遠端執行程式碼、繞過保安限制、敏感資料洩露及資料篡改。
影響
- 遠端執行程式碼
- 資料洩露
- 跨網站指令碼
- 繞過保安限制
- 篡改
受影響之系統或技術
- Splunk Enterprise 9.4.1, 9.3.3, 9.2.5 和 9.1.8 及之前的版本
- Splunk Cloud Platform 9.1.2308.214 及之前的版本, 9.1.2312.208 及之前的版本, 9.2.2403.115 及之前的版本, 9.2.2403.100 至 9.2.2403.112 版本, 9.2.2406.100 至 9.2.2406.112 版本, 9.3.2408.100 至 9.3.2408.106 版本
- Splunk Secure Gateway app versions 3.8.38 及之前的版本 和 3.7.23 及之前的版本
- Splunk App for Data Science and Deep Learning 5.1.2, 5.1.1 和 5.1.0 版本
- Splunk App for Lookup File Editing 4.0.5 及之前的版本
- Splunk DB Connect 4.0.0 及之前的版本
- Splunk Add-on for Microsoft Cloud Services 5.4.4 及之前的版本
- Splunk Infrastructure Monitoring Add-on 1.2.7 及之前的版本
解決方案
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
- https://advisory.splunk.com//advisories/SVD-2025-0301
- https://advisory.splunk.com//advisories/SVD-2025-0302
- https://advisory.splunk.com//advisories/SVD-2025-0303
- https://advisory.splunk.com//advisories/SVD-2025-0304
- https://advisory.splunk.com//advisories/SVD-2025-0305
- https://advisory.splunk.com//advisories/SVD-2025-0306
- https://advisory.splunk.com//advisories/SVD-2025-0307
- https://advisory.splunk.com//advisories/SVD-2025-0308
- https://advisory.splunk.com//advisories/SVD-2025-0309
- https://advisory.splunk.com//advisories/SVD-2025-0310
- https://advisory.splunk.com//advisories/SVD-2025-0311
- https://advisory.splunk.com//advisories/SVD-2025-0312
- https://advisory.splunk.com//advisories/SVD-2025-0313
漏洞識別碼
- CVE-2023-5363
- CVE-2024-2511
- CVE-2024-3651
- CVE-2024-4603
- CVE-2024-6923
- CVE-2024-21090
- CVE-2024-21272
- CVE-2024-29857
- CVE-2024-38999
- CVE-2024-39338
- CVE-2024-45801
- CVE-2024-47875
- CVE-2025-20226
- CVE-2025-20227
- CVE-2025-20228
- CVE-2025-20229
- CVE-2025-20230
- CVE-2025-20231
- CVE-2025-20232
- CVE-2025-20233
資料來源
相關連結
- https://advisory.splunk.com//advisories/SVD-2025-0301
- https://advisory.splunk.com//advisories/SVD-2025-0302
- https://advisory.splunk.com//advisories/SVD-2025-0303
- https://advisory.splunk.com//advisories/SVD-2025-0304
- https://advisory.splunk.com//advisories/SVD-2025-0305
- https://advisory.splunk.com//advisories/SVD-2025-0306
- https://advisory.splunk.com//advisories/SVD-2025-0307
- https://advisory.splunk.com//advisories/SVD-2025-0308
- https://advisory.splunk.com//advisories/SVD-2025-0309
- https://advisory.splunk.com//advisories/SVD-2025-0310
- https://advisory.splunk.com//advisories/SVD-2025-0311
- https://advisory.splunk.com//advisories/SVD-2025-0312
- https://advisory.splunk.com//advisories/SVD-2025-0313
分享至