Splunk has announced security patches for its Enterprise product, including fixes for vulnerabilities rated as ‘high severity’. Individual advisories have been issued for two high-severity vulnerabilities patched in Splunk Enterprise.
One of them, CVE-2024 29946, affects the Dashboard Examples Hub in the Splunk Dashboard Studio appand can be used to bypass security measures for risky Search Processing Language (SPL) commands.”This could let attackers bypass SPL safeguards for risky commands with the permissions of a highly privileged user in the Hub,” Splunk said.
It said that “the vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser.” The second flaw, CVE-2024 29945, concerns the potential exposure of authentication tokens during the token validation process.
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
