Splunk Improper Access Control Vulnerability Allows Alert Suppression by Low-Privilege Users

Vulnerability

A vulnerability exists in Splunk Enterprise versions prior to 9.4.2, 9.3.5, 9.2.6, and 9.1.9, as well as in Splunk Cloud Platform versions prior to 9.3.2411.103, 9.3.2408.112, and 9.2.2406.119. This vulnerability allows low-privileged users, who do not have 'admin' or 'power' roles and have read-only access to specific alerts, to suppress those alerts when they are triggered.

Impact

Exploitation of this vulnerability allows low-privileged users to suppress alerts they have read-only access to, potentially leading to missed notifications of important events or issues.

Remediation

Users can upgrade to Splunk Enterprise version 9.4.2, 9.3.5, 9.2.6, 9.1.9, or higher. For Splunk Cloud Platform, no action is needed, as Splunk is actively monitoring and patching instances. If Splunk Web is in use, it can be disabled as a workaround.
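The following is an added example, not code from Splunk or from this page: it checks an inventory of Splunk Enterprise versions against the fixed releases listed above and reports the minimum fixed version for each branch. The host names and inventory are constructed, and treating branches older than 9.1 as affected is an assumption based on the advisory's "prior to" wording.

```python
import re

# Fixed Splunk Enterprise patch level per release branch, as listed in the advisory.
FIXED_PATCH = {(9, 4): 2, (9, 3): 5, (9, 2): 6, (9, 1): 9}

def parse_enterprise_version(text):
    """Parse a strict x.y.z version; other shapes (e.g. Cloud's 9.3.2411.103) are rejected."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"not an x.y.z Splunk Enterprise version: {text!r}")
    return tuple(int(part) for part in m.groups())

def assess(version_text):
    """Return (status, minimum_fixed_version) for one Splunk Enterprise version."""
    major, minor, patch = parse_enterprise_version(version_text)
    branch = (major, minor)
    if branch in FIXED_PATCH:
        target = f"{major}.{minor}.{FIXED_PATCH[branch]}"
        # Integer comparison, so 9.2.10 is correctly newer than 9.2.6.
        return ("fixed" if patch >= FIXED_PATCH[branch] else "affected", target)
    if branch > max(FIXED_PATCH):
        # The advisory treats the listed versions "or higher" as remediated.
        return ("fixed", None)
    # Assumption: branches older than 9.1 have no fixed release listed, so they
    # count as "prior to 9.1.9" and need a move to the oldest fixed branch.
    oldest = min(FIXED_PATCH)
    return ("affected", f"{oldest[0]}.{oldest[1]}.{FIXED_PATCH[oldest]}")

def triage(inventory):
    """Map host -> (status, target); unparseable versions are flagged for manual review."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = assess(version)
        except ValueError:
            report[host] = ("review", None)
    return report

# Constructed inventory (host names and versions are illustrative only).
INVENTORY = {
    "sh01.example.internal": "9.3.4",
    "idx01.example.internal": "9.2.10",
    "hf01.example.internal": "9.0.10",
    "cloud-stack.example.internal": "9.3.2411.103",
}

if __name__ == "__main__":
    for host, (status, target) in sorted(triage(INVENTORY).items()):
        print(f"{host:32} {status:9} minimum fixed: {target or '-'}")
```

Hosts reported as "review" carry a version string that is not a plain x.y.z Enterprise version, such as a Splunk Cloud Platform build, and need to be checked by hand.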

Added: Jul 7, 2025, 6:34 PM
Updated: Jul 7, 2025, 6:34 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 0.6
exploitability: 5.2
remediation: 8.3
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.