Splunk Flaws Include High-Severity SSRF, XSS Bugs

Splunk has addressed six security vulnerabilities affecting its Enterprise and Cloud Platform products. The flaws range from medium to high severity and include cross-site scripting (XSS), improper access control, and denial-of-service risks. The most critical vulnerability is an unauthenticated blind server-side request forgery (SSRF) flaw that could allow an attacker to perform API calls on behalf of a high-privileged user. These vulnerabilities could be exploited to compromise system integrity or access unauthorized data. Splunk has released patches, and customers are strongly urged to upgrade their deployments to mitigate these threats.

Latest mentioned: 10-02

Earliest mentioned: 10-02

Sources

securityonline.info gbhackers.com

Also Read

Critical DrayTek Router Flaw Allows Remote Attacks

A critical vulnerability has been discovered in numerous DrayTek routers running DrayOS, allowing for potential remote code execution. The flaw can be exploited by an unauthenticated attacker sending a specially crafted request to the device's web interface. Successful exploitation can cause memory corruption, leading to a system crash or allowing an attacker to run arbitrary code. While routers with remote access disabled are protected from external threats, attackers on the local network can still exploit the vulnerability. The manufacturer has released firmware updates to patch the issue and strongly advises all users to upgrade their devices immediately.

10-03Read more →