CNNVD-202512-374 Information
CNNVD ID
CNNVD-202512-374
Related CVE
- CNNVD Published: 2025-12-03
Description (Chinese)
Splunk Cloud Platform和Splunk Enterprise都是美国Splunk公司的产品。Splunk Cloud Platform是一个强大的数据收集、处理和分析服务。Splunk Enterprise是一套数据收集分析软件。 Splunk Cloud Platform和Splunk Enterprise存在代码问题漏洞,该漏洞源于高权限用户可枚举内部IP地址和网络端口。以下版本受到影响:Splunk Enterprise 10.0.1之前版本、9.4.6版本、9.3.8版本和9.2.10版本和Splunk Cloud Platform 10.1.2507.4之前版本、10.0.2503.7版本和9.3.2411.116之前版本。
Description (English)
Splunk Cloud Platform and Splunk Enterprise are products of the United States company Splunk. Splung Cloud Platform is a powerful data collection, processing and analysis service. Splung Enterprise is a data collection and analysis software. Splung Cloud Platform and Splunk Enterprise have a code loophole, which originates from the list of in-house IP addresses and web portals that can be accessed by high-authorized users. The following versions were affected: Splung Enterprise 10.0.1, version 9.4.6, version 9.3.8 and version 9.2.10 and Splung Cloud Platform 10.1.2507.4, version 10.0203.7 and version 9.3.241.116.
Hazard Level
Critical
Vulnerability Type
代码问题
Affected Vendor
Splunk
Published
2025-12-03
Last Modified
2026-02-24
References
https://advisory.splunk.com/advisories/SVD-2025-1207 https://vigilance.fr/vulnerability/Splunk-Enterprise-Server-Side-Request-Forgery-via-Distributed-Search-Peers-48971
Patch
https://www.splunk.com/en_us/products/splunk-enterprise.html
Share on: