PT-2025-4607 · Splunk · Splunk App For Soar

Gabriel Nitu

Publicado

2025-01-07

Atualizado

2025-01-15

CVE-2025-22621

CVSS v2.0

6.6

Média

Vetor

AV:N/AC:H/Au:S/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions Splunk App for SOAR versions 1.0.67 and lower

Description The issue is related to improper access control. In the affected versions of the Splunk App for SOAR, the documentation recommended adding the admin all objects capability to the splunk app soar role. This could lead to improper access control for a low-privileged user that does not hold the "admin" Splunk roles.

Recommendations For versions 1.0.67 and lower, remove the admin all objects capability from the splunk app soar role to prevent improper access control. As a temporary workaround, consider restricting the splunk app soar role to minimize the risk of exploitation.

Correção

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-269

Identificadores relacionados

BDU:2025-02663

CVE-2025-22621

Produtos afetados

Splunk App For Soar

PT-2025-4607 · Splunk · Splunk App For Soar

CVE-2025-22621

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7