Splunk Patches Vulnerabilities in Enterprise Product

Splunk patches high-severity vulnerabilities in Enterprise, including an authentication token exposure issue.

Splunk on Wednesday announced security patches for its Enterprise product, including for vulnerabilities that have been assigned a ‘high severity’ rating. 

Individual advisories have been published for two high-severity vulnerabilities patched in Splunk Enterprise. One of them, CVE-2024-29946, impacts the Dashboard Examples Hub in the Splunk Dashboard Studio app and can be exploited to bypass protections for risky Search Processing Language (SPL) commands.

“This could let attackers bypass SPL safeguards for risky commands with the permissions of a highly-privileged user in the Hub,” Splunk said, adding that “the vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser.”

The second flaw, CVE-2024-29945, is related to the potential exposure of authentication tokens during the token validation process. 

“This exposure could happen when either Splunk Enterprise runs in debug mode or the JsonWebToken component has been configured to log its activity at the DEBUG logging level. Normally, Splunk Enterprise runs with debug mode and token authentication turned off, as well as the JsonWebToken process configured at the INFO logging level,” Splunk explained.

The company noted that an attacker would need local access to log files or admin access to internal indexes to exploit the vulnerability. 
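A defender can check for both conditions described for CVE-2024-29945: whether the JsonWebToken component is effectively set to DEBUG, and whether token-shaped strings have already landed in log files. The sketch below is an added example, not Splunk's code or tooling. It assumes Splunk's `category.<Component>=<LEVEL>` logging-config syntax and that a local override file takes precedence over the default one; the config text, log lines and token are constructed samples.

```python
import re

# Assumed config syntax: "category.<Component>=<LEVEL>"; '#' lines are comments.
CATEGORY_RE = re.compile(r"^[ \t]*category\.(\w+)[ \t]*=[ \t]*(\w+)", re.MULTILINE)
# JWT shape: three base64url segments; header and payload begin with "eyJ" (base64 of '{"').
JWT_RE = re.compile(r"\beyJ[\w-]{5,}\.eyJ[\w-]{5,}\.[\w-]{5,}")

def effective_level(component, *cfg_texts, default="INFO"):
    """Return the component's log level; later config texts override earlier ones."""
    level = default  # the article states INFO is the normal JsonWebToken level
    for text in cfg_texts:
        for name, value in CATEGORY_RE.findall(text):
            if name == component:
                level = value.upper()
    return level

def find_logged_tokens(log_lines):
    """Return (line_number, redacted_line) for every line holding a JWT-shaped string."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        if JWT_RE.search(line):
            hits.append((number, JWT_RE.sub("<redacted-jwt>", line)))
    return hits

# Constructed sample inputs (not taken from a real deployment).
DEFAULT_CFG = "rootCategory=WARN,A1\ncategory.JsonWebToken=INFO\n"
LOCAL_CFG = "# constructed local override\ncategory.JsonWebToken=DEBUG\n"
SAMPLE_LOG = [
    "03-27-2024 10:00:01.000 INFO  JsonWebToken - validation started",
    "03-27-2024 10:00:01.002 DEBUG JsonWebToken - token="
    "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl",
]

if __name__ == "__main__":
    level = effective_level("JsonWebToken", DEFAULT_CFG, LOCAL_CFG)
    print(f"JsonWebToken effective level: {level}")
    if level == "DEBUG":
        print("Finding: token validation activity is logged at DEBUG")
    for number, redacted in find_logged_tokens(SAMPLE_LOG):
        print(f"line {number}: {redacted}")
```

Any token found this way should be treated as exposed and revoked, since anyone with read access to the log could have copied it.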

Patches, mitigations and workarounds are available for each of these vulnerabilities. 

Splunk has also patched several vulnerabilities introduced in Splunk Enterprise and Splunk Universal Forwarder by the use of third-party packages such as Curl, OpenSSL, Go, PyWin32, Apache Hive and FasterXML’s Jackson. 

The issues affecting Universal Forwarder have a ‘low’ or ‘informational’ severity rating, but the Enterprise issues include high- and medium-severity flaws. 

Splunk was recently acquired by Cisco for $28 billion. The networking giant plans on leveraging Splunk’s AI, security and observability technology to boost its capabilities. 


Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.
