CNNVD-202512-377 Information
CNNVD ID
CNNVD-202512-377
Related CVE
- CNNVD Published: 2025-12-03
Description (Chinese)
Splunk Cloud Platform和Splunk Enterprise都是美国Splunk公司的产品。Splunk Cloud Platform是一个强大的数据收集、处理和分析服务。Splunk Enterprise是一套数据收集分析软件。 Splunk Cloud Platform和Splunk Enterprise存在安全漏洞,该漏洞源于/en-US/static/端点验证不足,可能导致ANSI转义代码注入和日志数据篡改。以下版本受到影响:Splunk Enterprise 10.0.1之前版本、9.4.6之前版本、9.3.8之前版本和9.2.10之前版本和Splunk Cloud Platform 10.1.2507.4之前版本、10.0.2503.6之前版本和9.3.2411.117.125之前版本。
Description (English)
Splunk Cloud Platform and Splunk Enterprise are products of the United States company Splunk. Splung Cloud Platform is a powerful data collection, processing and analysis service. Splung Enterprise is a data collection and analysis software. There is a security loophole in Splunk Cloud Platform and Splunk Enterprise, which stems from/en-US/static/end verification deficiencies that may lead to ANSI transliteration and log data manipulation. The following versions were affected: the previous version of Splunk Enterprise 10.0.1, the previous version of 9.4.6, the pre-version of 9.3.8 and the pre-version of 9.2.10 and the pre-version of Splunk Cloud Platform 10.1.25007.4, the pre-version of 10.0203.6 and the pre-version of 9.3.2411117.125.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Splunk
Published
2025-12-03
Last Modified
2026-02-24
References
https://advisory.splunk.com/advisories/SVD-2025-1203 https://vigilance.fr/vulnerability/Splunk-Enterprise-ingress-filtrering-bypass-via-Log-Injection-48967
Patch
https://www.splunk.com/en_us/products/splunk-enterprise.html
Share on: