Splunk
cpe:2.3:a:splunk:splunk:*:*:*:*:*:*:*
- >= 9.4.0, <= 9.4.1
- >= 9.3.0, <= 9.3.4
- >= 9.2.0, <= 9.2.6
- >= 9.1.0, <= 9.1.9
A vulnerability exists in Splunk Enterprise versions prior to 9.4.2, 9.3.5, 9.2.7, and 9.1.10, as well as in Splunk Cloud Platform versions prior to 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119. The issue allows low-privileged users who do not hold the 'admin' or 'power' roles to create or modify system source type configurations by sending a specially crafted payload to the '/servicesNS/nobody/search/admin/sourcetypes/' REST endpoint on the Splunk management port.
Exploitation of this vulnerability could lead to unauthorized creation or modification of system source type configurations, potentially allowing for further exploitation or misconfiguration of the Splunk instance.
Users are advised to upgrade Splunk Enterprise to versions 9.4.2, 9.3.5, 9.2.7, 9.1.10 or higher. For Splunk Cloud Platform, no action is required as Splunk is actively monitoring and patching instances.
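The following is an added example, not part of the advisory and not Splunk's own tooling: one way to review management-port access logs for successful writes to the endpoint named above by accounts that hold neither the 'admin' nor the 'power' role. The Apache-style log layout, the `user_roles` mapping and every sample line are assumptions constructed for illustration.

```python
import re

ENDPOINT = "/servicesNS/nobody/search/admin/sourcetypes/"  # from the advisory
PRIVILEGED_ROLES = {"admin", "power"}  # roles the advisory treats as authorized

# Assumed Apache-style layout: client - user [timestamp] "METHOD uri HTTP/x" status ...
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def find_suspect_writes(lines, user_roles):
    """Return successful POSTs to the sourcetypes endpoint from users holding
    neither 'admin' nor 'power'. user_roles maps user name -> set of role names."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # line does not follow the assumed layout
        # Drop the query string and normalise the trailing slash before matching.
        path = m["uri"].split("?", 1)[0].rstrip("/") + "/"
        if m["method"] != "POST" or not path.startswith(ENDPOINT):
            continue
        if not m["status"].startswith("2"):
            continue  # rejected request, nothing was written
        roles = user_roles.get(m["user"], set())  # unknown user counts as unprivileged
        if roles & PRIVILEGED_ROLES:
            continue
        hits.append({k: m[k] for k in ("ts", "client", "user", "uri", "status")})
    return hits

# Constructed sample data (hypothetical users, addresses and source type names).
SAMPLE_ROLES = {"alice": {"admin"}, "bob": {"user"}, "carol": {"power", "user"}}
_P = "/servicesNS/nobody/search/admin/sourcetypes"
SAMPLE_LOG = [
    f'10.0.0.5 - bob [12/May/2025:10:01:02.123 +0000] "POST {_P}/custom_st HTTP/1.1" 200 512',
    f'10.0.0.9 - alice [12/May/2025:10:02:00.000 +0000] "POST {_P}/custom_st HTTP/1.1" 200 512',
    f'10.0.0.5 - bob [12/May/2025:10:03:00.000 +0000] "GET {_P}/ HTTP/1.1" 200 2048',
    f'10.0.0.5 - bob [12/May/2025:10:04:00.000 +0000] "POST {_P}/other_st HTTP/1.1" 403 120',
    f'10.0.0.7 - carol [12/May/2025:10:05:00.000 +0000] "POST {_P}/other_st HTTP/1.1" 201 300',
    f'10.0.0.8 - dave [12/May/2025:10:06:00.000 +0000] "POST {_P}?output_mode=json HTTP/1.1" 201 300',
]

if __name__ == "__main__":
    for hit in find_suspect_writes(SAMPLE_LOG, SAMPLE_ROLES):
        print(hit)
```

On a patched instance the same requests should appear only with rejection status codes, so any hit after upgrading warrants a review of the affected source type configuration.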