From splunk.com
Information Disclosure in Mobile Alert Responses in Splunk Secure Gateway
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin” or “power” Splunk roles could see alert search query responses using Splunk...
on Dec 10
From splunk.com
Risky command safeguards bypass in “/en-US/app/search/report” endpoint through “s” parameter
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the “admin” or “power” Splunk roles could run a saved search with a risky command using the permissions of a...
on Dec 10
From splunk.com
Third-Party Package Updates in Splunk Enterprise - December 2024
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Enterprise versions 9.1.7, 9.2.4, and 9.3.2, and higher, including the following:
on Dec 10
From splunk.com
Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway app
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.2.461 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin” or “power” Splunk roles could perform a Remote Code Execution (RCE). The RCE...
on Dec 10
From splunk.com
Information Disclosure due to Username Collision with a Role that has the same Name as the User
In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin” or “power” Splunk roles, that has a username with the same name as a role with read access to a dashboard, could see the...
on Dec 10
From splunk.com
Announcing Our New 2024-2025 Grantees: Bridging the Data Divide | Splunk
Splunk Social Impact is tackling the Data Divide—the gap between the growing use of data to drive commercial success and its limited application in addressing pressing social and environmental challenges.
on Dec 10
From splunk.com
Third-Party Package Updates in Splunk Universal Forwarder - December 2024
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Universal Forwarder versions 9.1.7, 9.2.4, and 9.3.2, and higher, including the following:
on Dec 10
From splunk.com
Sensitive Information Disclosure through SPL commands
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability,...
on Dec 10
From splunk.com
Splunk Certification Exam Study Guide | Splunk
Everything you need to know about the Splunk Certification program.
on Dec 8
From splunk.com
Cracking Braodo Stealer: Analyzing Python Malware and Its Obfuscated Loader | Splunk
The Splunk Threat Research Team breaks down Braodo Stealer's loader mechanisms, obfuscation strategies, and payload behavior.
on Nov 27
From splunk.com
Third-Party Package Updates in Splunk Machine Learning Toolkit - November 2024
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Machine Learning Toolkit (MLTK) version 5.5.0 including the following:
on Nov 26
From splunk.com
Third-Party Package Updates in Python for Scientific Computing - November 2024
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Python for Scientific Computing versions 3.2.2, 4.2.2 and higher, including the following:
on Nov 26
From splunk.com
Bypassing the Bypass: Detecting Okta Classic Application Sign-On Policy Evasion | Splunk
The Splunk Threat Research Team dives into the Okta policy bypass vulnerability, offering detection insights and effective hunting strategies for security teams.
on Nov 26
From splunk.com
CosmicSting: A Critical XXE Vulnerability in Adobe Commerce and Magento (CVE-2024-34102) | Splunk
The Splunk Research Team dissects the technical intricacies of the CosmicSting vulnerability, explores its potential impact on affected systems, and provides detection opportunities and mitigation strategies.
on Nov 25
From splunk.com
Fantastic IIS Modules and How to Find Them | Splunk
This blog showcases how to enable and ingest IIS operational logs, utilize PowerShell scripted inputs to ingest installed modules and simulate AppCmd and PowerShell adding new IIS modules and disable HTTP logging using Atomic Red Team.
on Nov 22
From splunk.com
Hunting for Malicious PowerShell using Script Block Logging | Splunk
The Splunk Threat Research Team recently began evaluating ways to generate security content using native Windows event logging regarding PowerShell Script Block Logging to assist enterprise defenders in finding malicious PowerShell scripts.
on Nov 19
From splunk.com
Threat Hunting in 2024: Must-Have Resources & Tasks for Every Hunter | Splunk
What are the most important things threat hunters do every day? We surveyed professionals and here are the must-have tasks and resources.
on Nov 9
From splunk.com
Third-Party Package Updates in the Splunk Add-on for Google Cloud Platform - October 2024
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in the Splunk Add-on for Google Cloud Platform versions 4.7.0 and higher, including the following:
on Oct 30
From splunk.com
Third-Party Package Updates in the Splunk Add-on for Cisco Meraki - October 2024
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in the Splunk Add-on for Cisco Meraki version 2.2.0 and higher, including the following:
on Oct 30
From splunk.com
In Splunk Enterprise versions below 9.2.3, and 9.1.6, a low-privileged user that does not hold the
on Oct 17
From splunk.com
Improper Access Control for low-privileged user in Splunk Secure Gateway App
In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the
on Oct 17
From splunk.com
Low-privileged user could run search as nobody in SplunkDeploymentServerConfig app
In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the
on Oct 17
From splunk.com
Persistent Cross-Site Scripting (XSS) through Scheduled Views on Splunk Enterprise
In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the
on Oct 17
From splunk.com
Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the
on Oct 17
From splunk.com
In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the
on Oct 17
From splunk.com
Sensitive information disclosure in AdminManager logging channel
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise `AdminManager` log channel at the DEBUG logging level. The...
on Oct 17
From splunk.com
Persistent Cross-Site Scripting (XSS) via props.conf on Splunk Enterprise
In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the
on Oct 17
From splunk.com
In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the
on Oct 17
From splunk.com
Sensitive information disclosure in REST_Calls logging channel
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG logging level. The vulnerability would...
on Oct 17
From splunk.com
Third-Party Package Updates in Splunk Enterprise - October 2024
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Enterprise versions 9.3.1, 9.2.3, 9.1.6, and higher, including the following:
on Oct 17
From splunk.com
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the
on Oct 17
From splunk.com
Mastering Interviews Using the STAR Technique | Splunk
Learn the basics of the STAR interview technique and how to apply them with sample questions and answers.
on Sep 3
From splunk.com
Demystifying the Effects of System Changes on Business Metrics | Splunk
SREs: Need more visibility into how changes in your application environment impact your business? Discover key strategies in this ebook.
on Sep 2
From splunk.com
Free Training Courses | Splunk
Sign up for free, self-paced Splunk training courses. You can learn anytime, from anywhere about a range of topics so you can become a Splunk platform pro.
on Aug 31
From splunk.com
Staff Picks for Splunk Security Reading August 2024 | Splunk
Splunk security experts share their curated list of presentations, whitepapers, and customer case studies that they feel are worth a read.
on Aug 30
From splunk.com
Splunk | The Key to Enterprise Resilience
Splunk is the key to enterprise resilience. Our platform enables organizations around the world to prevent major issues, absorb shocks and accelerate digital transformation.
on Aug 25
From splunk.com
Third-Party Package Updates in Python for Scientific Computing - August 2024
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Python for Scientific Computing version 4.2.1 including the following:
on Aug 13
From splunk.com
Blacklist & Whitelist: Terms To Avoid | Splunk
In this article, we will dive into why “blacklist” and “whitelist” are not inclusive terms and explore potential alternatives that can promote a more inclusive language.
on Aug 11
From splunk.com
Fortify Digital Resilience with Splunk + Cisco Talos Incident Response | Splunk
Announcing the availability of Cisco Talos Incident Response services to Splunk customers.
on Aug 7
From splunk.com
LLM Security: Splunk & OWASP Top 10 for LLM-based Applications | Splunk
Threats to LLMs are real. Let’s look at top LLM threats and show you how, with Splunk, you can better defend LLM-based applications and their users.
on Aug 6
From splunk.com
What impacts will new generative AI advancements have on data privacy regulation in 2024? And how should companies prepare?
on Jul 11
From splunk.com
Denial of Service through null pointer reference in “cluster/config” REST endpoint
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an attacker could trigger a null pointer reference on the “cluster/config” REST endpoint, which could result in a crash of the Splunk daemon.
on Jul 5
From splunk.com
Remote Code Execution through dashboard PDF generation component
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.203, an authenticated user could execute arbitrary code through the dashboard PDF generation component. The pdfgen/render REST endpoint uses a vulnerable version...
on Jul 5
From splunk.com
Low-privileged user could create experimental items
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the “admin” or “power” Splunk roles could create experimental items.
on Jul 1
From splunk.com
Remote Code Execution through Serialized Session Payload in Splunk Enterprise on Windows
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially crafted query that they could then use to serialize untrusted data. The attacker could use the query to execute arbitrary code. The exploit requires the use of the...
on Jul 1
From splunk.com
Command Injection using External Lookups
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code...
on Jul 1
From splunk.com
Insecure File Upload in the indexing/preview REST endpoint
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the “admin” or “power” Splunk roles could upload a file with an arbitrary extension using the indexing/preview REST...
on Jul 1
From splunk.com
Persistent Cross-site Scripting (XSS) in Dashboard Elements
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the “admin” or “power” Splunk roles could craft a malicious payload through a View and Splunk Web Bulletin Messages that...
on Jul 1
From splunk.com
Persistent Cross-site Scripting (XSS) in Web Bulletin
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the “admin” or “power” Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could...
on Jul 1
From splunk.com
Risky command safeguards bypass through Search ID query in Analytics Workspace
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass [SPL safeguards for risky...
on Jul 1