Refine your search
1 vulnerability found for Splunk App for SOAR by Splunk
CVE-2025-22621 (GCVE-0-2025-22621)
Vulnerability from cvelistv5
Published
2025-01-07 16:48
Modified
2025-02-28 11:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Summary
In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the `admin_all_objects` capability to the `splunk_app_soar` role. This addition could lead to improper access control for a low-privileged user that does not hold the "admin" Splunk roles.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Splunk | Splunk App for SOAR |
Version: 1.0 < 1.0.71 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22621",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-07T18:19:48.408775Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T18:20:09.220Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk App for SOAR",
"vendor": "Splunk",
"versions": [
{
"lessThan": "1.0.71",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Gabriel Nitu, Splunk"
}
],
"datePublic": "2025-01-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the `admin_all_objects` capability to the `splunk_app_soar` role. This addition could lead to improper access control for a low-privileged user that does not hold the \"admin\" Splunk roles."
}
],
"value": "In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the `admin_all_objects` capability to the `splunk_app_soar` role. This addition could lead to improper access control for a low-privileged user that does not hold the \"admin\" Splunk roles."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T11:03:57.914Z",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2025-0101"
}
],
"source": {
"advisory": "SVD-2025-0101"
},
"title": "Privilege escalation for users who hold the \u201csplunk_app_soar\u201c role in the Splunk App for SOAR"
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2025-22621",
"datePublished": "2025-01-07T16:48:32.866Z",
"dateReserved": "2025-01-07T16:13:09.351Z",
"dateUpdated": "2025-02-28T11:03:57.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}