v4.35.0
patel-bhavin
released this
01 Jul 18:38
·
1432 commits
to develop
since this release
Key Highlights
- Enterprise Security Content Updates version 4.35.0 contains 11 new analytics and 6 updated analytics that are specifically crafted to detect the Splunk Security Advisories that were published on July 1st, 2024 for Splunk Enterprise 9.2.2, 9.1.5, 9.0.10 and Splunk Cloud. These Splunk Enterprise updates address several critical vulnerabilities, including multiple instances of persistent cross-site scripting (XSS) in various endpoints, remote code execution (RCE) exploits, and denial of service (DoS) vulnerabilities. Additionally, in this ESCU build we have updated the analytics for detecting information disclosure of user names, path traversal, insecure file uploads, and risky command safeguards bypasses, ensuring a more secure environment for Splunk Enterprise users. Please refer to https://advisory.splunk.com/ for specific details about the vulnerabilities.
Total New and Updated Content: [19]
New Analytic Story - [0]
Updated Analytic Story - [0]
New Analytics - [11]
- Splunk DoS via POST Request Datamodel Endpoint
- Splunk Information Disclosure on Account Login
- Splunk RCE PDFgen Render
- Splunk RCE via External Lookup Copybuckets
- Splunk Stored XSS conf-web Settings on Premises
- Splunk Stored XSS via Specially Crafted Bulletin Message
- Splunk Unauthenticated DoS via Null Pointer References
- Splunk Unauthenticated Path Traversal Modules Messaging
- Splunk Unauthorized Experimental Items Creation
- Splunk XSS Privilege Escalation via Custom Urls in Dashboard
- Splunk XSS Via External Urls in Dashboards SSRF
Updated Analytics - [6]
- Splunk CSRF in the SSG kvstore Client Endpoint
- Splunk Enterprise Windows Deserialization File Partition
- Splunk Stored XSS via Data Model objectName Field
- Splunk XSS in Highlighted JSON Events
- Splunk XSS in Save table dialog header in search page
- Splunk risky Command Abuse disclosed february 2023
Macros Added - [1]
- splunkd_webs
Macros Updated - [0]
Lookups Added - [0]
Lookups Updated - [1]
- splunk_risky_command
Playbooks Added - [0]
Playbooks Updated - [0]
Deprecated Analytics - [0]
Other Updates
- Updated the ESCU Summary Dashboard to link directly to the Enterprise Security Use Case Library.
Full Changelog: v4.34.0...v4.35.0