Splunk

Splunk has suffered a security incident due to two separate high-severity vulnerabilities. The first vulnerability enables RCE, allowing low-privileged users to execute arbitrary code through malicious file uploads, affecting Splunk Enterprise and Splunk Cloud Platform before certain versions. The second vulnerability affects the Splunk Secure Gateway app, where users can search with higher-privileged permissions, leading to potential unauthorized disclosure of sensitive information. Both issues have been patched, with suggested updates provided to Splunk users to remediate the risk. The security flaws highlight the critical importance of maintaining updated systems and monitoring access control within corporate environments to prevent data breaches and maintain operational integrity.

Source: https://cybersecuritynews.com/splunk-rce-vulnerability-arbitrary-code/

TPRM report: https://scoringcyber.rankiteo.com/company/splunk

"id": "spl355032725",
"linkid": "splunk",
"type": "Vulnerability",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Software',
                        'name': 'Splunk',
                        'type': 'Corporation'}],
 'attack_vector': ['Malicious File Uploads', 'Privilege Escalation'],
 'description': 'Splunk has suffered a security incident due to two separate '
                'high-severity vulnerabilities. The first vulnerability '
                'enables RCE, allowing low-privileged users to execute '
                'arbitrary code through malicious file uploads, affecting '
                'Splunk Enterprise and Splunk Cloud Platform before certain '
                'versions. The second vulnerability affects the Splunk Secure '
                'Gateway app, where users can search with higher-privileged '
                'permissions, leading to potential unauthorized disclosure of '
                'sensitive information. Both issues have been patched, with '
                'suggested updates provided to Splunk users to remediate the '
                'risk. The security flaws highlight the critical importance of '
                'maintaining updated systems and monitoring access control '
                'within corporate environments to prevent data breaches and '
                'maintain operational integrity.',
 'impact': {'systems_affected': ['Splunk Enterprise',
                                 'Splunk Cloud Platform',
                                 'Splunk Secure Gateway app']},
 'lessons_learned': 'The critical importance of maintaining updated systems '
                    'and monitoring access control within corporate '
                    'environments to prevent data breaches and maintain '
                    'operational integrity.',
 'post_incident_analysis': {'corrective_actions': ['Patches and updates '
                                                   'provided to users'],
                            'root_causes': ['Remote Code Execution (RCE) '
                                            'through malicious file uploads',
                                            'Unauthorized disclosure of '
                                            'sensitive information through '
                                            'privilege escalation']},
 'response': {'remediation_measures': ['Patches provided to users',
                                       'Suggested updates to remediate risk']},
 'title': 'Splunk Security Incident',
 'type': 'Security Vulnerabilities',
 'vulnerability_exploited': ['Remote Code Execution (RCE)',
                             'Unauthorized Disclosure of Sensitive '
                             'Information']}