Tag: Splunk
SVD-2023-0805: Splunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definition Reference in DLL
In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently...
SVD-2023-0807: Command Injection in Splunk Enterprise Using External Lookups
In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation...
SVD-2023-0808: August Third Party Package Updates in Splunk Enterprise
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in versions 8.2.12, 9.0.6, and 9.1.1 of Splunk Enterprise
SVD-2023-0809: August Third Party Package Updates in Splunk Universal Forwarder
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in versions 8.2.12, 9.0.6, and 9.1.1 of Splunk Universal Forwarder
SVD-2023-0810: Unauthenticated Log Injection in Splunk IT Service Intelligence (ITSI)
In Splunk IT Service Intelligence (ITSI) versions below 4.13.3 or 4.15.3, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can...
SVD-2023-0811: Third Party Package Updates in IT Service Intelligence (ITSI)
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in versions 4.13.3 and 4.15.3 of IT Service Intelligence (ITSI).
SVD-2023-0802: Denial of Service (DoS) in Splunk Enterprise Using a Malformed SAML Request
In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the /saml/acs REST endpoint which can cause a denial of service through a crash...
SVD-2023-0801: Reflected Cross-site Scripting (XSS) on “/app/search/table” web endpoint
In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to...
SVD-2023-0804: Remote Code Execution via Serialized Session Payload
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code.
...
SVD-2023-0803: Denial of Service (DoS) via the ‘printf’ Search Function
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the printf SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance.
SVD-2023-0806: Absolute Path Traversal in Splunk Enterprise Using runshellscript.py
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.
SVD-2023-0702: Unauthenticated Log Injection In Splunk SOAR
Splunk SOAR versions 6.0.2 and earlier are indirectly affected by a potential vulnerability accessed through the user’s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log...
SVD-2023-0701: Splunk SOAR Cryptography Python Package Upgrade Incompatibility
In version 6.1.1 of Splunk SOAR, Splunk will upgrade the Python cryptography library to version 41.0.1 in early September to address a known security vulnerability in earlier libraries.
If you created custom apps that specify Python cryptography library...
SVD-2023-0614: June Third Party Package Updates in Splunk Universal Forwarders
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in versions 8.1.14, 8.2.11, and 9.0.5 of Splunk Universal Forwarder
SVD-2023-0602: ‘edit_user’ Capability Privilege Escalation
In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to...
Researchers Spot Novel “Deadglyph” Backdoor
Malware is linked to UAE-backed spies
Almost US 900 Schools Breached Via MOVEit
National Student Clearinghouse reveals more details of incident
Don’t Get Burned by CAPTCHAs: A Recipe for Accurate Bot Protection
Traditional CAPTCHAs, such as reCAPTCHA, no longer protect online businesses adequately. Real users hate them. Bots bypass them. It's time to upgrade.
New Report Uncovers Three Distinct Clusters of China-Nexus Attacks on Southeast Asian Government
An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region over extended periods of time.
"While this activity occurred around the same time and in some instances even simultaneously...
T-mobile exposes some customer data – but don’t call it a breach
PLUS: Trojan hidden in PoC; cyber insurance surge; pig butchering's new cuts; and the week's critical vulns Infosec in brief T-Mobile has had another bad week on the infosec front – this time stemming from a system glitch that...
