Scott Calvert

**Name of the Vulnerable Software and Affected Versions** Splunk Enterprise versions prior to 9.0.5 Splunk Enterprise versions prior to 8.2.11 Splunk Enterprise versions prior to 8.1.14 Splunk Cloud Platform versions prior to 9.0.2303.100 **Description** An unauthorized user can access the "/services/indexing/preview" REST endpoint to overwrite search results if they know the search ID (`SID`) of an existing search job. **Recommendations** For Splunk Enterprise versions prior to 9.0.5, update to version 9.0.5 or later. For Splunk Enterprise versions prior to 8.2.11, update to version 8.2.11 or later. For Splunk Enterprise versions prior to 8.1.14, update to version 8.1.14 or later. For Splunk Cloud Platform versions prior to 9.0.2303.100, update to version 9.0.2303.100 or later. As a temporary workaround, consider restricting access to the "/services/indexing/preview" REST endpoint until a patch is available.