Refine your search
7 vulnerabilities found for Splunk Secure Gateway by Splunk
CERTFR-2025-AVI-1063
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Splunk | Splunk | Splunk Enterprise versions 9.4.x antérieures à 9.4.6 | ||
| Splunk | Splunk | Splunk Cloud Platform versions 10.1.2507.x antérieures à 10.1.2507.10 | ||
| Splunk | Splunk | Splunk MCP Server versions 0.2.x antérieures à 0.2.4 | ||
| Splunk | Splunk | Splunk Enterprise versions 10.0.x antérieures à 10.0.2 | ||
| Splunk | Splunk | Splunk Enterprise versions 9.3.x antérieures à 9.3.8 | ||
| Splunk | Splunk | Splunk Enterprise versions 9.2.x antérieures à 9.2.10 | ||
| Splunk | Splunk Secure Gateway | Splunk Secure Gateway versions 3.9.x antérieures à 3.9.10 | ||
| Splunk | Splunk Secure Gateway | Splunk Secure Gateway versions 3.8.x antérieures à 3.8.58 | ||
| Splunk | Splunk | Splunk Cloud Platform versions 10.0.2503.x antérieures à 10.0.2503.8 | ||
| Splunk | Splunk | Splunk Cloud Platform versions 9.3.2411.x antérieures à 9.3.2411.120 | ||
| Splunk | Splunk Secure Gateway | Splunk Secure Gateway versions 3.7.x antérieures à 3.7.28 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Splunk Enterprise versions 9.4.x ant\u00e9rieures \u00e0 9.4.6",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.1.2507.x ant\u00e9rieures \u00e0 10.1.2507.10",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk MCP Server versions 0.2.x ant\u00e9rieures \u00e0 0.2.4",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 10.0.x ant\u00e9rieures \u00e0 10.0.2",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.3.x ant\u00e9rieures \u00e0 9.3.8",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.2.x ant\u00e9rieures \u00e0 9.2.10",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Secure Gateway versions 3.9.x ant\u00e9rieures \u00e0 3.9.10",
"product": {
"name": "Splunk Secure Gateway",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Secure Gateway versions 3.8.x ant\u00e9rieures \u00e0 3.8.58",
"product": {
"name": "Splunk Secure Gateway",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.0.2503.x ant\u00e9rieures \u00e0 10.0.2503.8",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.3.2411.x ant\u00e9rieures \u00e0 9.3.2411.120",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Secure Gateway versions 3.7.x ant\u00e9rieures \u00e0 3.7.28",
"product": {
"name": "Splunk Secure Gateway",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-20387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20387"
},
{
"name": "CVE-2025-20386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20386"
},
{
"name": "CVE-2025-20382",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20382"
},
{
"name": "CVE-2025-20383",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20383"
},
{
"name": "CVE-2025-20388",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20388"
},
{
"name": "CVE-2025-20384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20384"
},
{
"name": "CVE-2025-20389",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20389"
},
{
"name": "CVE-2025-20381",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20381"
},
{
"name": "CVE-2025-20385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20385"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
}
],
"initial_release_date": "2025-12-04T00:00:00",
"last_revision_date": "2025-12-04T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1063",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": "2025-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1205",
"url": "https://advisory.splunk.com/advisories/SVD-2025-1205"
},
{
"published_at": "2025-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1201",
"url": "https://advisory.splunk.com/advisories/SVD-2025-1201"
},
{
"published_at": "2025-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1208",
"url": "https://advisory.splunk.com/advisories/SVD-2025-1208"
},
{
"published_at": "2025-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1204",
"url": "https://advisory.splunk.com/advisories/SVD-2025-1204"
},
{
"published_at": "2025-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1207",
"url": "https://advisory.splunk.com/advisories/SVD-2025-1207"
},
{
"published_at": "2025-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1203",
"url": "https://advisory.splunk.com/advisories/SVD-2025-1203"
},
{
"published_at": "2025-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1206",
"url": "https://advisory.splunk.com/advisories/SVD-2025-1206"
},
{
"published_at": "2025-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1202",
"url": "https://advisory.splunk.com/advisories/SVD-2025-1202"
},
{
"published_at": "2025-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1209",
"url": "https://advisory.splunk.com/advisories/SVD-2025-1209"
},
{
"published_at": "2025-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1210",
"url": "https://advisory.splunk.com/advisories/SVD-2025-1210"
}
]
}
CERTFR-2025-AVI-0245
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Splunk | Splunk Secure Gateway | Splunk Secure Gateway versions 3.8.x antérieures à 3.8.38 | ||
| Splunk | Splunk Secure Gateway | Splunk Secure Gateway versions 3.7.x antérieures à 3.7.23 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.3.2408.10x antérieures à 9.3.2408.107 | ||
| Splunk | Splunk Add-on for Microsoft Cloud Services | Splunk Add-on for Microsoft Cloud Services versions 5.4.x antérieures à 5.4.3 | ||
| Splunk | Splunk DB Connect | Splunk DB Connect versions antérieures à 4.0.0 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.1.x antérieures à 9.1.8 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.1.x antérieures à 9.1.2312.208 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.3.x antérieures à 9.3.3 | ||
| Splunk | Splunk Infrastructure Monitoring Add-on | Splunk Infrastructure Monitoring Add-on versions antérieures à 1.2.7 | ||
| Splunk | Splunk App for Data Science and Deep Learning | Splunk App for Data Science and Deep Learning versions 5.1.x antérieures à 5.2.0 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.2.x antérieures à 9.2.5 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.2.x antérieures à 9.2.2403.115 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.4.x antérieures à 9.4.1 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.2.2406.10x antérieures à 9.2.2406.113 | ||
| Splunk | Splunk App for Lookup File Editing | Splunk App for Lookup File Editing versions 4.0.x antérieures à 4.0.5 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Splunk Secure Gateway versions 3.8.x ant\u00e9rieures \u00e0 3.8.38",
"product": {
"name": "Splunk Secure Gateway",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Secure Gateway versions 3.7.x ant\u00e9rieures \u00e0 3.7.23",
"product": {
"name": "Splunk Secure Gateway",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.3.2408.10x ant\u00e9rieures \u00e0 9.3.2408.107",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Add-on for Microsoft Cloud Services versions 5.4.x ant\u00e9rieures \u00e0 5.4.3",
"product": {
"name": "Splunk Add-on for Microsoft Cloud Services",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk DB Connect versions ant\u00e9rieures \u00e0 4.0.0",
"product": {
"name": "Splunk DB Connect",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise\tversions 9.1.x ant\u00e9rieures \u00e0 9.1.8",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.1.x ant\u00e9rieures \u00e0 9.1.2312.208",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise\tversions 9.3.x ant\u00e9rieures \u00e0 9.3.3",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Infrastructure Monitoring Add-on versions ant\u00e9rieures \u00e0 1.2.7",
"product": {
"name": "Splunk Infrastructure Monitoring Add-on",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk App for Data Science and Deep Learning versions 5.1.x ant\u00e9rieures \u00e0 5.2.0",
"product": {
"name": "Splunk App for Data Science and Deep Learning",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise\tversions 9.2.x ant\u00e9rieures \u00e0 9.2.5",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.2.x ant\u00e9rieures \u00e0 9.2.2403.115",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise\tversions 9.4.x ant\u00e9rieures \u00e0 9.4.1",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.2.2406.10x ant\u00e9rieures \u00e0 9.2.2406.113",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk App for Lookup File Editing versions 4.0.x ant\u00e9rieures \u00e0 4.0.5",
"product": {
"name": "Splunk App for Lookup File Editing",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-20229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20229"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2025-20232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20232"
},
{
"name": "CVE-2025-20227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20227"
},
{
"name": "CVE-2024-45801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
},
{
"name": "CVE-2025-20226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20226"
},
{
"name": "CVE-2024-38999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38999"
},
{
"name": "CVE-2025-20228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20228"
},
{
"name": "CVE-2024-47875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
},
{
"name": "CVE-2024-21272",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21272"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2024-21090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21090"
},
{
"name": "CVE-2025-20231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20231"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-20233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20233"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2025-20230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20230"
},
{
"name": "CVE-2024-6923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
}
],
"initial_release_date": "2025-03-27T00:00:00",
"last_revision_date": "2025-03-27T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0245",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": "2025-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0301",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0301"
},
{
"published_at": "2025-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0302",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0302"
},
{
"published_at": "2025-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0312",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0312"
},
{
"published_at": "2025-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0313",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0313"
},
{
"published_at": "2025-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0309",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0309"
},
{
"published_at": "2025-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0306",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0306"
},
{
"published_at": "2025-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0304",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0304"
},
{
"published_at": "2025-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0307",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0307"
},
{
"published_at": "2025-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0305",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0305"
},
{
"published_at": "2025-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0303",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0303"
},
{
"published_at": "2025-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0310",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0310"
},
{
"published_at": "2025-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0308",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0308"
},
{
"published_at": "2025-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0311",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0311"
}
]
}
CERTFR-2024-AVI-1061
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Splunk | Universal Forwarder | Splunk Universal Forwarders versions 9.1.x antérieures à 9.1.7 | ||
| Splunk | Universal Forwarder | Splunk Universal Forwarders versions 9.2.x antérieures à 9.2.4 | ||
| Splunk | Universal Forwarder | Splunk Universal Forwarders versions 9.3.x antérieures à 9.3.2 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.2.2406.x antérieures à 9.2.2406.107 | ||
| Splunk | Splunk Enterprise | Splunk Entreprise versions 9.2.x antérieures à 9.2.4 | ||
| Splunk | Splunk Secure Gateway | Splunk Secure Gateway versions 3.8.x antérieures à 3.8.5 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.2.2403.x antérieures à 9.2.2403.111 | ||
| Splunk | Splunk Enterprise | Splunk Entreprise versions 9.1.x antérieures à 9.1.7 | ||
| Splunk | Splunk Enterprise | Splunk Entreprise versions 9.3.x antérieures à 9.3.2 | ||
| Splunk | Splunk Secure Gateway | Splunk Secure Gateway versions 3.4.x antérieures à 3.4.262 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.3.2408.x antérieures à 9.3.2408.101 | ||
| Splunk | Splunk Secure Gateway | Splunk Secure Gateway versions 3.7.x antérieures à 3.7.18 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.1.2312.x antérieures à 9.1.2312.206 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Splunk Universal Forwarders versions 9.1.x ant\u00e9rieures \u00e0 9.1.7",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Universal Forwarders versions 9.2.x ant\u00e9rieures \u00e0 9.2.4",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Universal Forwarders versions 9.3.x ant\u00e9rieures \u00e0 9.3.2",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.2.2406.x ant\u00e9rieures \u00e0 9.2.2406.107",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Entreprise versions 9.2.x ant\u00e9rieures \u00e0 9.2.4",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Secure Gateway versions 3.8.x ant\u00e9rieures \u00e0 3.8.5",
"product": {
"name": "Splunk Secure Gateway",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.2.2403.x ant\u00e9rieures \u00e0 9.2.2403.111",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Entreprise versions 9.1.x ant\u00e9rieures \u00e0 9.1.7",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Entreprise versions 9.3.x ant\u00e9rieures \u00e0 9.3.2",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Secure Gateway versions 3.4.x ant\u00e9rieures \u00e0 3.4.262",
"product": {
"name": "Splunk Secure Gateway",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.3.2408.x ant\u00e9rieures \u00e0 9.3.2408.101",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Secure Gateway versions 3.7.x ant\u00e9rieures \u00e0 3.7.18",
"product": {
"name": "Splunk Secure Gateway",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.1.2312.x ant\u00e9rieures \u00e0 9.1.2312.206",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-42459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42459"
},
{
"name": "CVE-2024-6531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6531"
},
{
"name": "CVE-2024-53245",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53245"
},
{
"name": "CVE-2024-42460",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42460"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2024-53247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53247"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2024-53244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53244"
},
{
"name": "CVE-2024-53243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53243"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2024-42461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42461"
},
{
"name": "CVE-2024-36129",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36129"
},
{
"name": "CVE-2021-44531",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44531"
},
{
"name": "CVE-2024-53246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53246"
}
],
"initial_release_date": "2024-12-11T00:00:00",
"last_revision_date": "2024-12-11T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-1061",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-12-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": "2024-12-10",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-1204",
"url": "https://advisory.splunk.com/advisories/SVD-2024-1204"
},
{
"published_at": "2024-12-10",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-1201",
"url": "https://advisory.splunk.com/advisories/SVD-2024-1201"
},
{
"published_at": "2024-12-10",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-1203",
"url": "https://advisory.splunk.com/advisories/SVD-2024-1203"
},
{
"published_at": "2024-12-10",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-1207",
"url": "https://advisory.splunk.com/advisories/SVD-2024-1207"
},
{
"published_at": "2024-12-10",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-1206",
"url": "https://advisory.splunk.com/advisories/SVD-2024-1206"
},
{
"published_at": "2024-12-10",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-1205",
"url": "https://advisory.splunk.com/advisories/SVD-2024-1205"
},
{
"published_at": "2024-12-10",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-1202",
"url": "https://advisory.splunk.com/advisories/SVD-2024-1202"
}
]
}
CVE-2025-20389 (GCVE-0-2025-20389)
Vulnerability from nvd
Published
2025-12-03 17:00
Modified
2025-12-03 21:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.
Summary
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10, 3.8.58 and 3.7.28 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `label` column field after adding a new device in the Splunk Secure Gateway app. This could potentially lead to a client-side denial of service (DoS).
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 10.0 < 10.0.2 Version: 9.4 < 9.4.6 Version: 9.3 < 9.3.8 Version: 9.2 < 9.2.10 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20389",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T21:36:48.311013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T21:37:01.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.0.2",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.6",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.8",
"status": "affected",
"version": "9.3",
"versionType": "custom"
},
{
"lessThan": "9.2.10",
"status": "affected",
"version": "9.2",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.1.2507.6",
"status": "affected",
"version": "10.1.2507",
"versionType": "custom"
},
{
"lessThan": "10.0.2503.8",
"status": "affected",
"version": "10.0.2503",
"versionType": "custom"
},
{
"lessThan": "9.3.2411.120",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
}
]
},
{
"product": "Splunk Secure Gateway",
"vendor": "Splunk",
"versions": [
{
"lessThan": "3.9.10",
"status": "affected",
"version": "3.9",
"versionType": "custom"
},
{
"lessThan": "3.8.58",
"status": "affected",
"version": "3.8",
"versionType": "custom"
},
{
"lessThan": "3.7.28",
"status": "affected",
"version": "3.7",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-12-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10, 3.8.58 and 3.7.28 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload through the `label` column field after adding a new device in the Splunk Secure Gateway app. This could potentially lead to a client-side denial of service (DoS)."
}
],
"value": "In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10, 3.8.58 and 3.7.28 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload through the `label` column field after adding a new device in the Splunk Secure Gateway app. This could potentially lead to a client-side denial of service (DoS)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T17:00:55.364Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2025-1208"
}
],
"source": {
"advisory": "SVD-2025-1208"
},
"title": "Improper Input Validation in \"label\" column field in Splunk Secure Gateway App"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20389",
"datePublished": "2025-12-03T17:00:55.364Z",
"dateReserved": "2024-10-10T19:15:13.266Z",
"dateUpdated": "2025-12-03T21:37:01.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20383 (GCVE-0-2025-20383)
Vulnerability from nvd
Published
2025-12-03 17:00
Modified
2025-12-03 21:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Summary
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gateway app in Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles and subscribes to mobile push notifications could receive notifications that disclose the title and description of the report or alert even if they do not have access to view the report or alert.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 10.0 < 10.0.2 Version: 9.4 < 9.4.6 Version: 9.3 < 9.3.8 Version: 9.2 < 9.2.10 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20383",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T21:33:01.823595Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T21:33:17.908Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.0.2",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.6",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.8",
"status": "affected",
"version": "9.3",
"versionType": "custom"
},
{
"lessThan": "9.2.10",
"status": "affected",
"version": "9.2",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.1.2507.6",
"status": "affected",
"version": "10.1.2507",
"versionType": "custom"
},
{
"lessThan": "10.0.2503.8",
"status": "affected",
"version": "10.0.2503",
"versionType": "custom"
},
{
"lessThan": "9.3.2411.120",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
}
]
},
{
"product": "Splunk Secure Gateway",
"vendor": "Splunk",
"versions": [
{
"lessThan": "3.9.10",
"status": "affected",
"version": "3.9",
"versionType": "custom"
},
{
"lessThan": "3.8.58",
"status": "affected",
"version": "3.8",
"versionType": "custom"
},
{
"lessThan": "3.7.28",
"status": "affected",
"version": "3.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Anton (therceman)"
}
],
"datePublic": "2025-12-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gateway app in Splunk Cloud Platform, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles and subscribes to mobile push notifications could receive notifications that disclose the title and description of the report or alert even if they do not have access to view the report or alert."
}
],
"value": "In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gateway app in Splunk Cloud Platform, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles and subscribes to mobile push notifications could receive notifications that disclose the title and description of the report or alert even if they do not have access to view the report or alert."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T17:00:36.414Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2025-1202"
}
],
"source": {
"advisory": "SVD-2025-1202"
},
"title": "Improper access control through push notifications for reports and alerts in Splunk Secure Gateway app"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20383",
"datePublished": "2025-12-03T17:00:36.414Z",
"dateReserved": "2024-10-10T19:15:13.264Z",
"dateUpdated": "2025-12-03T21:33:17.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20389 (GCVE-0-2025-20389)
Vulnerability from cvelistv5
Published
2025-12-03 17:00
Modified
2025-12-03 21:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.
Summary
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10, 3.8.58 and 3.7.28 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `label` column field after adding a new device in the Splunk Secure Gateway app. This could potentially lead to a client-side denial of service (DoS).
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 10.0 < 10.0.2 Version: 9.4 < 9.4.6 Version: 9.3 < 9.3.8 Version: 9.2 < 9.2.10 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20389",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T21:36:48.311013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T21:37:01.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.0.2",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.6",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.8",
"status": "affected",
"version": "9.3",
"versionType": "custom"
},
{
"lessThan": "9.2.10",
"status": "affected",
"version": "9.2",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.1.2507.6",
"status": "affected",
"version": "10.1.2507",
"versionType": "custom"
},
{
"lessThan": "10.0.2503.8",
"status": "affected",
"version": "10.0.2503",
"versionType": "custom"
},
{
"lessThan": "9.3.2411.120",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
}
]
},
{
"product": "Splunk Secure Gateway",
"vendor": "Splunk",
"versions": [
{
"lessThan": "3.9.10",
"status": "affected",
"version": "3.9",
"versionType": "custom"
},
{
"lessThan": "3.8.58",
"status": "affected",
"version": "3.8",
"versionType": "custom"
},
{
"lessThan": "3.7.28",
"status": "affected",
"version": "3.7",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-12-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10, 3.8.58 and 3.7.28 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload through the `label` column field after adding a new device in the Splunk Secure Gateway app. This could potentially lead to a client-side denial of service (DoS)."
}
],
"value": "In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10, 3.8.58 and 3.7.28 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload through the `label` column field after adding a new device in the Splunk Secure Gateway app. This could potentially lead to a client-side denial of service (DoS)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T17:00:55.364Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2025-1208"
}
],
"source": {
"advisory": "SVD-2025-1208"
},
"title": "Improper Input Validation in \"label\" column field in Splunk Secure Gateway App"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20389",
"datePublished": "2025-12-03T17:00:55.364Z",
"dateReserved": "2024-10-10T19:15:13.266Z",
"dateUpdated": "2025-12-03T21:37:01.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20383 (GCVE-0-2025-20383)
Vulnerability from cvelistv5
Published
2025-12-03 17:00
Modified
2025-12-03 21:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Summary
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gateway app in Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles and subscribes to mobile push notifications could receive notifications that disclose the title and description of the report or alert even if they do not have access to view the report or alert.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 10.0 < 10.0.2 Version: 9.4 < 9.4.6 Version: 9.3 < 9.3.8 Version: 9.2 < 9.2.10 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20383",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T21:33:01.823595Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T21:33:17.908Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.0.2",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.6",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.8",
"status": "affected",
"version": "9.3",
"versionType": "custom"
},
{
"lessThan": "9.2.10",
"status": "affected",
"version": "9.2",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.1.2507.6",
"status": "affected",
"version": "10.1.2507",
"versionType": "custom"
},
{
"lessThan": "10.0.2503.8",
"status": "affected",
"version": "10.0.2503",
"versionType": "custom"
},
{
"lessThan": "9.3.2411.120",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
}
]
},
{
"product": "Splunk Secure Gateway",
"vendor": "Splunk",
"versions": [
{
"lessThan": "3.9.10",
"status": "affected",
"version": "3.9",
"versionType": "custom"
},
{
"lessThan": "3.8.58",
"status": "affected",
"version": "3.8",
"versionType": "custom"
},
{
"lessThan": "3.7.28",
"status": "affected",
"version": "3.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Anton (therceman)"
}
],
"datePublic": "2025-12-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gateway app in Splunk Cloud Platform, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles and subscribes to mobile push notifications could receive notifications that disclose the title and description of the report or alert even if they do not have access to view the report or alert."
}
],
"value": "In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gateway app in Splunk Cloud Platform, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles and subscribes to mobile push notifications could receive notifications that disclose the title and description of the report or alert even if they do not have access to view the report or alert."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T17:00:36.414Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2025-1202"
}
],
"source": {
"advisory": "SVD-2025-1202"
},
"title": "Improper access control through push notifications for reports and alerts in Splunk Secure Gateway app"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20383",
"datePublished": "2025-12-03T17:00:36.414Z",
"dateReserved": "2024-10-10T19:15:13.264Z",
"dateUpdated": "2025-12-03T21:33:17.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}