In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a lo

BROWSER

CLOUD

SPLUNK

02-06-2025 16:14

CVE-2025-20297 Vulnerabilidad documentada

4.3 MEDIUM

Tags

#pdf

#javascript

#java

#form

#admin

#splunk

#cloud

#browser

#privilege

#malicious

#execution

#unauthorized

Descripción

In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, Cloud Platform 9.3.2411.102, 9.3.2408.111 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" roles could craft malicious payload through pdfgen/render REST endpoint result in execution of unauthorized JavaScript code browser user.

https://advisory.splunk.com/advisories/SVD-2025-0601

Referencia

Link externo

Ver detalles

Fuente

https://nvd.nist.gov/vuln/detail/CVE-2025-20297

Resultados similares

Coincidentes en almenos en 50% de los tags

04-06-2025 CVE-2025-48959
Local privilege escalation due to insecure file permissions. The following products are affecte...
Ver información

04-06-2025
Cisco Unified Contact Center Express Editor Remote Code Execution Vulnerability A vulnerab...
Ver información