CNNVD-202512-373 Information
CNNVD ID
CNNVD-202512-373
Related CVE
- CNNVD Published: 2025-12-03
Description (Chinese)
Splunk Enterprise和Splunk Secure Gateway都是美国Splunk公司的产品。Splunk Enterprise是一套数据收集分析软件。Splunk Secure Gateway是一个安全网关。 Splunk Enterprise和Splunk Secure Gateway存在输入验证错误漏洞,该漏洞源于低权限用户可通过label列字段构造恶意有效载荷,可能导致客户端拒绝服务。以下版本受到影响:Splunk Enterprise 10.0.2之前版本、9.4.6版本、9.3.8版本和9.2.10版本和Splunk Secure Gateway3.9.10之前版本、3.8.58版本和3.7.28版本。
Description (English)
Splunk Enterprise and Splunk Security Gateway are all products of the United States company Splunk. Splung Enterprise is a data collection and analysis software. Splunk Security Gateway is a safety gateway. Splung Enterprise and Splunk Security Gateway have input validation bugs, which stem from the fact that low-authorized users can construct a malicious payload through the label column field, which may lead to the client ’ s rejection of the service. The following versions were affected: Splunk Enterprise 10.2, 9.4.6, 9.3.8 and 9.2.10 and Splunk Security Gateway 3.9.10, 3.8.58 and 3.7.28.
Hazard Level
High
Vulnerability Type
输入验证错误
Affected Vendor
Splunk
Published
2025-12-03
Last Modified
2026-02-24
References
https://advisory.splunk.com/advisories/SVD-2025-1208 https://vigilance.fr/vulnerability/Splunk-Enterprise-denial-of-service-via-Label-Column-Field-48972
Patch
https://www.splunk.com/en_us/products/splunk-enterprise.html
Share on: