CVE-2023-32717

MEDIUM Year: 2023
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-285
View all →

Vulnerability Description

On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job.

Related Vulnerabilities

CVE-2015-7463

MEDIUM
CVSS:4.3(Medium)

IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 through cumulative fix 2 allow remote authenticated users to delete process and task data by leveraging incorrect authorization che...

CWE-2852015

CVE-2016-0373

MEDIUM
CVSS:4.3(Medium)

IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. IB...

CWE-2852016

CVE-2016-7077

MEDIUM
CVSS:4.3(Medium)

foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if ...

CWE-2852016

CVE-2016-7078

MEDIUM
CVSS:4.3(Medium)

foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resource...

CWE-2852016

CVE-2016-9464

MEDIUM
CVSS:4.3(Medium)

Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. The Sharing Backend as implemented in Nextcloud does differentiate between shares to users an...

CWE-2852016

CVE-2017-0894

MEDIUM
CVSS:4.3(Medium)

Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting an attacker potentially access to publicly shared calendars ...

CWE-2852017