CVE-2023-22938

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the sendemail REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the splunk-system-user account on the local instance.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
SplunkCNA
4.3 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
VendorProductVersion
splunksplunk
8.1.0 ≤
𝑥
< 8.1.13
splunksplunk
8.2.0 ≤
𝑥
< 8.2.10
splunksplunk
9.0.0 ≤
𝑥
< 9.0.4
splunksplunk_cloud_platform
𝑥
< 9.0.2209.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://advisory.splunk.com/advisories/SVD-2023-0208
https://advisory.splunk.com/advisories/SVD-2023-0208