Vikram Ashtaputre

**Name of the Vulnerable Software and Affected Versions** Splunk Add-on Builder versions prior to 4.1.4 **Description** The issue is related to the application writing user session tokens to its internal log files when visiting the Splunk Add-on Builder or when building or editing a custom app or add-on. This is due to incorrect handling of log output. Exploitation of this issue may allow a remote attacker to gain unauthorized access to edit applications. **Recommendations** For versions prior to 4.1.4, update to version 4.1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the internal log files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Splunk Add-on Builder versions prior to 4.1.4 **Description** The issue is related to improper handling of log output, allowing a remote attacker to write arbitrary information to internal log files. This can lead to the exposure of sensitive information. **Recommendations** For versions prior to 4.1.4, update to version 4.1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to internal log files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Splunk Enterprise versions prior to 9.0.8 **Description** The issue is related to the Splunk RapidDiag utility, which discloses server responses from external applications in a log file due to insufficient protection of registration data. This could allow a remote attacker to gain unauthorized access to protected information. **Recommendations** For versions prior to 9.0.8, update to version 9.0.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the log files generated by the Splunk RapidDiag utility to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Splunk Enterprise Security (ES) versions prior to 7.1.2 **Description** The issue allows an attacker to perform a denial of service (DoS) to the Investigation by using investigation attachments. This is possible because the attachment endpoint does not properly limit the size of the request, letting an attacker cause the Investigation to become inaccessible. **Recommendations** For versions prior to 7.1.2, update to version 7.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the attachment endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Splunk Enterprise versions prior to 9.0.5 Splunk Enterprise versions prior to 8.2.11 Splunk Enterprise versions prior to 8.1.14 **Description** An unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon. **Recommendations** For versions prior to 9.0.5, update to version 9.0.5 or later. For versions prior to 8.2.11, update to version 8.2.11 or later. For versions prior to 8.1.14, update to version 8.1.14 or later.