Eric Lamothe

**Name of the Vulnerable Software and Affected Versions** Splunk Enterprise versions prior to 9.4.4 Splunk Enterprise versions 9.2.8 through 9.3.6 Splunk Cloud Platform versions prior to 9.3.2411.108 Splunk Cloud Platform versions 9.2.2406.123 through 9.3.2408.118 **Description** A user with limited privileges, lacking administrative or power roles within Splunk, may be able to inject XML external entities (XXE) through the dashboard tab label field. This XXE injection could potentially lead to denial of service (DoS) attacks. An XML external entity (XXE) injection is a web security issue that allows attackers to interfere with an application's processing of XML data. **Recommendations** Update Splunk Enterprise to version 9.4.4 or later. Update Splunk Enterprise to version 9.3.6 or later. Update Splunk Enterprise to version 9.2.8 or later. Update Splunk Cloud Platform to version 9.3.2411.108 or later. Update Splunk Cloud Platform to version 9.3.2408.118 or later. Update Splunk Cloud Platform to version 9.2.2406.123 or later.

**Name of the Vulnerable Software and Affected Versions** Splunk Enterprise Security (ES) versions prior to 7.1.2 **Description** The issue allows an attacker to create a malformed Investigation, leading to a denial of service (DoS) that prevents the generation and rendering of the Investigations manager until the malformed investigation is deleted. This requires an authenticated session and access to create an Investigation, affecting the availability of the Investigations manager and rendering the Investigations functionality unusable for most users. **Recommendations** For versions prior to 7.1.2, update to version 7.1.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Splunk Enterprise version 9.0.0 **Description** The issue arises when using Ingest Actions to configure a destination on Amazon Simple Storage Service (S3) in Splunk Web, where TLS certificate validation is not correctly performed. This affects connections between Splunk Enterprise and an Ingest Actions Destination through Splunk Web, specifically in environments with configured TLS certificate validation. It does not impact destinations configured directly in the outputs.conf configuration file. **Recommendations** For Splunk Enterprise version 9.0.0, consider disabling the use of Ingest Actions for configuring S3 destinations in Splunk Web until a fix is available, and instead, configure destinations directly in the outputs.conf configuration file to bypass the vulnerability.

**Name of the Vulnerable Software and Affected Versions** Splunk Enterprise (affected versions not specified) **Description** The issue allows an authenticated user to create a dashboard that could potentially leak information, such as `username`, `email`, and `real name`, about Splunk users when visited by another user through the drilldown component. This requires user access to create and share dashboards using Splunk Web. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.