Stök

#51391 of 53,638
4.3 Total CVSS
Vulnerabilities · 1
PT-2026-20470
4.3
2026-02-18
Splunk · Splunk Enterprise · CVE-2026-20139
**Name of the Vulnerable Software and Affected Versions**

Splunk Enterprise:
- versions prior to 10.2.0
- versions 10.0.2 through 10.0.2
- versions 9.2.12 through 9.4.8
- version 9.3.9

Splunk Cloud Platform:
- versions prior to 10.2.2510.3
- versions 10.0.2503.9 through 10.1.2507.8
- version 9.3.2411.121

The affected ranges are reproduced as published. Several of the version numbers in them (10.0.2, 9.4.8, 9.3.9, 9.2.12 and the listed Cloud Platform builds) are the same releases that the Recommendations below name as fixed, so when deciding whether an instance is exposed, compare it against the fixed version for its release line rather than against these ranges alone.

**Description**

A user with limited privileges, who holds neither the `admin` nor the `power` role in Splunk, can place a malicious payload in the `realname`, `tz`, or `email` parameters of the `/splunkd/__raw/services/authentication/users/username` REST API endpoint (Splunk Web's proxy to splunkd; `username` is the account whose record is being updated) while changing a password. This can cause a client-side denial of service (DoS): page load times increase significantly, or Splunk Web becomes temporarily unresponsive.

**Recommendations**

Update to the fixed release for the line you are running, or later:

Splunk Enterprise:
- 10.2.0 or later
- 10.0.2 or later
- 9.4.8 or later
- 9.3.9 or later
- 9.2.12 or later

Splunk Cloud Platform:
- 10.2.2510.3 or later
- 10.1.2507.8 or later
- 10.0.2503.9 or later
- 9.3.2411.121 or later
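Before or after patching, a practitioner will want to know whether any low-privileged user has already written oversized or markup-laden content into the three profile fields named above. The following audit script is an added example written for this page, not code from Splunk or from the advisory. It reads every user record from the splunkd management port (`/services/authentication/users?output_mode=json&count=0`, the REST resource that the Splunk Web `__raw` proxy path forwards to) and flags `realname`, `email` and `tz` values that are unusually long, contain HTML- or script-looking or control characters, or are not plausible zoneinfo names. The length thresholds and the suspicious-pattern list are assumptions chosen for illustration, not values taken from the advisory, and the sample response at the bottom is constructed so the audit can run offline.

```python
import json
import re
import ssl
import urllib.request
from typing import Dict, List

# Profile fields the advisory names as carriers of the payload.
PROFILE_FIELDS = ("realname", "email", "tz")

# Assumed thresholds for illustration: legitimate display names, e-mail
# addresses and IANA time-zone names are far shorter than this.
MAX_LEN = {"realname": 128, "email": 254, "tz": 64}

# Assumed suspicious content: markup delimiters, script URIs, control chars.
SUSPICIOUS = re.compile(r"<|>|javascript:|[\x00-\x08\x0b\x0c\x0e-\x1f]", re.IGNORECASE)

# Shape of an IANA zone name such as Europe/Stockholm or Etc/GMT+1.
ZONE_NAME = re.compile(r"[A-Za-z0-9_+\-]+(/[A-Za-z0-9_+\-]+)*")


def check_field(field: str, value: str) -> List[str]:
    """Return the reasons a single profile value looks like a DoS payload."""
    reasons: List[str] = []
    if value is None:
        return reasons
    if len(value) > MAX_LEN[field]:
        reasons.append(f"{field}: length {len(value)} exceeds {MAX_LEN[field]}")
    if SUSPICIOUS.search(value):
        reasons.append(f"{field}: contains markup, script URI or control characters")
    if field == "tz" and value and not ZONE_NAME.fullmatch(value):
        reasons.append("tz: not a plausible zoneinfo name")
    return reasons


def audit_users(users_json: Dict) -> Dict[str, List[str]]:
    """Map each user name to its findings.

    `users_json` is the parsed body of
    GET /services/authentication/users?output_mode=json&count=0 ,
    whose per-user attributes live under entry[].content.
    """
    findings: Dict[str, List[str]] = {}
    for entry in users_json.get("entry", []):
        content = entry.get("content", {})
        reasons: List[str] = []
        for field in PROFILE_FIELDS:
            reasons.extend(check_field(field, content.get(field)))
        if reasons:
            findings[entry["name"]] = reasons
    return findings


def fetch_users(base_url: str, token: str, verify_tls: bool = True) -> Dict:
    """Fetch all user records from the management port (default 8089) with a
    Splunk authentication token sent as a Bearer header."""
    req = urllib.request.Request(
        f"{base_url}/services/authentication/users?output_mode=json&count=0",
        headers={"Authorization": f"Bearer {token}"},
    )
    ctx = ssl.create_default_context()
    if not verify_tls:  # only for lab instances with self-signed certificates
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return json.load(resp)


# Constructed sample response, not captured from a real Splunk instance.
SAMPLE = {
    "entry": [
        {"name": "admin",
         "content": {"realname": "Administrator", "email": "admin@example.com", "tz": ""}},
        {"name": "analyst1",
         "content": {"realname": "A" * 5000, "email": "a1@example.com", "tz": "Europe/Stockholm"}},
        {"name": "analyst2",
         "content": {"realname": "Jane Doe", "email": "j@example.com", "tz": "<img src=x>"}},
    ]
}

if __name__ == "__main__":
    # Against a live instance: audit_users(fetch_users("https://splunk:8089", token))
    for user, reasons in audit_users(SAMPLE).items():
        print(user)
        for reason in reasons:
            print("  -", reason)
```

Run it against a live instance by replacing `SAMPLE` with the output of `fetch_users`, using a token for an account that can read `/services/authentication/users` (by default the `admin` role). Any flagged account should have its profile fields reset to sane values before users whose browsers would render them open Splunk Web again.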