Splunk · Splunk Enterprise · CVE-2024-45738
**Name of the Vulnerable Software and Affected Versions**
Splunk Enterprise versions prior to 9.3.1
Splunk Enterprise versions prior to 9.2.3
Splunk Enterprise versions prior to 9.1.6
**Description**
The software potentially exposes sensitive HTTP parameters to the `_internal` index if the `REST_Calls` log channel is configured at the DEBUG logging level. This issue is related to insufficient protection of service data, which could allow a remote attacker to gain unauthorized access to protected information.
**Recommendations**
For versions prior to 9.3.1, update to version 9.3.1 or later to resolve the issue.
For versions prior to 9.2.3, update to version 9.2.3 or later to resolve the issue.
For versions prior to 9.1.6, update to version 9.1.6 or later to resolve the issue.
As a temporary workaround, consider configuring the `REST_Calls` log channel at a logging level other than DEBUG to minimize the risk of sensitive HTTP parameter exposure.
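To verify the workaround on a host, the check below (an added example, not part of the original advisory or Splunk's own tooling) resolves the effective level of the `REST_Calls` channel from logging configuration text. It assumes the `category.<channel>=<LEVEL>` line format of Splunk's `log.cfg`, with `log-local.cfg` overriding it; the sample file contents and the function names are constructed for illustration.

```python
import re

CHANNEL = "REST_Calls"  # log channel named in the advisory

# Assumed line format: category.<channel>=<LEVEL>
CATEGORY_LINE = re.compile(r"^\s*category\.([^=\s]+)\s*=\s*([A-Za-z]+)")


def parse_levels(cfg_text):
    """Return {channel: LEVEL} for every category line in the text."""
    levels = {}
    for raw in cfg_text.splitlines():
        line = raw.split("#", 1)[0]  # ignore comments and commented-out settings
        match = CATEGORY_LINE.match(line)
        if match:
            levels[match.group(1)] = match.group(2).upper()
    return levels


def effective_level(default_cfg, local_cfg="", channel=CHANNEL):
    """Level in force for a channel; local settings override the defaults."""
    merged = parse_levels(default_cfg)
    merged.update(parse_levels(local_cfg))
    return merged.get(channel)


def exposes_parameters(default_cfg, local_cfg=""):
    """True when REST_Calls is at DEBUG, the condition the advisory describes."""
    return effective_level(default_cfg, local_cfg) == "DEBUG"


# Constructed sample contents (not taken from a real installation).
SAMPLE_DEFAULT = "[splunkd]\nrootCategory=WARN,A1\ncategory.REST_Calls=INFO\n"
SAMPLE_LOCAL_DEBUG = "[splunkd]\ncategory.REST_Calls=DEBUG  # troubleshooting\n"
SAMPLE_LOCAL_COMMENTED = "[splunkd]\n# category.REST_Calls=DEBUG\n"

if __name__ == "__main__":
    for name, local in [("no override", ""),
                        ("debug override", SAMPLE_LOCAL_DEBUG),
                        ("commented override", SAMPLE_LOCAL_COMMENTED)]:
        level = effective_level(SAMPLE_DEFAULT, local)
        flag = "AT RISK" if exposes_parameters(SAMPLE_DEFAULT, local) else "ok"
        print(f"{name}: {CHANNEL}={level} -> {flag}")
```
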