CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-22940

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances with Splunk Web enabled.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 38.4%

CVSS Severity

CVSS v3 Score 6.3

References

Products affected by CVE-2023-22940

Splunk » Splunk » Version: 8.1.0

cpe:2.3:a:splunk:splunk:8.1.0
Splunk » Splunk » Version: 8.1.1

cpe:2.3:a:splunk:splunk:8.1.1
Splunk » Splunk » Version: 8.1.12

cpe:2.3:a:splunk:splunk:8.1.12
Splunk » Splunk » Version: 8.1.2

cpe:2.3:a:splunk:splunk:8.1.2
Splunk » Splunk » Version: 8.1.4

cpe:2.3:a:splunk:splunk:8.1.4
Splunk » Splunk » Version: 8.1.5

cpe:2.3:a:splunk:splunk:8.1.5
Splunk » Splunk » Version: 8.1.6

cpe:2.3:a:splunk:splunk:8.1.6
Splunk » Splunk » Version: 8.1.7

cpe:2.3:a:splunk:splunk:8.1.7
Splunk » Splunk » Version: 8.2.0

cpe:2.3:a:splunk:splunk:8.2.0
Splunk » Splunk » Version: 8.2.9

cpe:2.3:a:splunk:splunk:8.2.9
Splunk » Splunk » Version: 9.0.0

cpe:2.3:a:splunk:splunk:9.0.0
Splunk » Splunk » Version: 9.0.3

cpe:2.3:a:splunk:splunk:9.0.3
Splunk » Splunk Cloud Platform » Version: N/A

cpe:2.3:a:splunk:splunk_cloud_platform:-
Splunk » Splunk Cloud Platform » Version: 8.1.2103

cpe:2.3:a:splunk:splunk_cloud_platform:8.1.2103
Splunk » Splunk Cloud Platform » Version: 8.2.2105

cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2105
Splunk » Splunk Cloud Platform » Version: 8.2.2106

cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2106
Splunk » Splunk Cloud Platform » Version: 8.2.2107

cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2107
Splunk » Splunk Cloud Platform » Version: 8.2.2109

cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2109
Splunk » Splunk Cloud Platform » Version: 8.2.2111

cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2111
Splunk » Splunk Cloud Platform » Version: 8.2.2112

cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2112
Splunk » Splunk Cloud Platform » Version: 8.2.2201

cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2201
Splunk » Splunk Cloud Platform » Version: 8.2.2202

cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2202
Splunk » Splunk Cloud Platform » Version: 8.2.2203

cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2203
Splunk » Splunk Cloud Platform » Version: 9.0.2209

cpe:2.3:a:splunk:splunk_cloud_platform:9.0.2209

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-22940

Products

Pricing

Contact Us