{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Splunk Enterprise versions 9.1.x ant\u00e9rieures \u00e0 9.1.3","product":{"name":"Splunk Enterprise","vendor":{"name":"Splunk","scada":false}}},{"description":"Splunk Enterprise versions 9.0.x ant\u00e9rieures \u00e0 9.0.8","product":{"name":"Splunk Enterprise","vendor":{"name":"Splunk","scada":false}}},{"description":"Splunk Cloud versions ant\u00e9rieures \u00e0 9.1.2312.200","product":{"name":"N/A","vendor":{"name":"Splunk","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2022-40899","url":"https://www.cve.org/CVERecord?id=CVE-2022-40899"},{"name":"CVE-2024-23676","url":"https://www.cve.org/CVERecord?id=CVE-2024-23676"},{"name":"CVE-2024-23675","url":"https://www.cve.org/CVERecord?id=CVE-2024-23675"},{"name":"CVE-2023-29404","url":"https://www.cve.org/CVERecord?id=CVE-2023-29404"},{"name":"CVE-2023-37920","url":"https://www.cve.org/CVERecord?id=CVE-2023-37920"},{"name":"CVE-2023-29403","url":"https://www.cve.org/CVERecord?id=CVE-2023-29403"},{"name":"CVE-2023-29405","url":"https://www.cve.org/CVERecord?id=CVE-2023-29405"},{"name":"CVE-2023-29406","url":"https://www.cve.org/CVERecord?id=CVE-2023-29406"},{"name":"CVE-2024-23678","url":"https://www.cve.org/CVERecord?id=CVE-2024-23678"},{"name":"CVE-2023-39323","url":"https://www.cve.org/CVERecord?id=CVE-2023-39323"},{"name":"CVE-2023-29402","url":"https://www.cve.org/CVERecord?id=CVE-2023-29402"},{"name":"CVE-2023-29409","url":"https://www.cve.org/CVERecord?id=CVE-2023-29409"},{"name":"CVE-2024-23677","url":"https://www.cve.org/CVERecord?id=CVE-2024-23677"}],"links":[],"reference":"CERTFR-2024-AVI-0061","revisions":[{"description":"Version initiale","revision_date":"2024-01-23T00:00:00.000000"}],"risks":[{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Non sp\u00e9cifi\u00e9 par l'\u00e9diteur"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans <span\nclass=\"textit\">les produits Splunk</span>. Certaines d'entre elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l'\u00e9diteur, un contournement de la politique de s\u00e9curit\u00e9 et\nune atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0105 du 22 janvier 2024","url":"https://advisory.splunk.com/advisories/SVD-2024-0105"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0108 du 22 janvier 2024","url":"https://advisory.splunk.com/advisories/SVD-2024-0108"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0106 du 22 janvier 2024","url":"https://advisory.splunk.com/advisories/SVD-2024-0106"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0107 du 22 janvier 2024","url":"https://advisory.splunk.com/advisories/SVD-2024-0107"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0109 du 22 janvier 2024","url":"https://advisory.splunk.com/advisories/SVD-2024-0109"}]}