Klevis Luli

**Name of the Vulnerable Software and Affected Versions** Splunk Enterprise versions prior to 9.4.2 Splunk Enterprise versions prior to 9.3.4 Splunk Enterprise versions prior to 9.2.6 Splunk Cloud Platform versions prior to 9.3.2411.102 Splunk Cloud Platform versions prior to 9.3.2408.111 Splunk Cloud Platform versions prior to 9.2.2406.118 **Description** A low-privileged user without the "admin" or "power" Splunk roles could craft a malicious payload through the "pdfgen/render" REST endpoint, potentially resulting in the execution of unauthorized JavaScript code in a user's browser. **Recommendations** For Splunk Enterprise versions prior to 9.4.2, update to version 9.4.2 or later. For Splunk Enterprise versions prior to 9.3.4, update to version 9.3.4 or later. For Splunk Enterprise versions prior to 9.2.6, update to version 9.2.6 or later. For Splunk Cloud Platform versions prior to 9.3.2411.102, update to version 9.3.2411.102 or later. For Splunk Cloud Platform versions prior to 9.3.2408.111, update to version 9.3.2408.111 or later. For Splunk Cloud Platform versions prior to 9.2.2406.118, update to version 9.2.2406.118 or later. As a temporary workaround, consider restricting access to the "pdfgen/render" REST endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Splunk Enterprise versions prior to 8.1.13 Splunk Enterprise versions prior to 8.2.10 Splunk Enterprise versions prior to 9.0.4 **Description** The issue allows a search to bypass safeguards for risky commands using the `map` search processing language (SPL) command. This requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled. **Recommendations** For versions prior to 8.1.13, update to version 8.1.13 or later. For versions prior to 8.2.10, update to version 8.2.10 or later. For versions prior to 9.0.4, update to version 9.0.4 or later.