In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability `change_authentication`, could send multiple LDAP bind requests to a specific internal endpoint, resulting in high server CPU usage, which could potentially lead to a denial of service (DoS) until the Splunk Enterprise instance is restarted. See https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/10.0/manage-splunk-platform-users-and-roles/define-roles-on-the-splunk-platform-with-capabilities and https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/10.0/use-ldap-as-an-authentication-scheme/configure-ldap-with-splunk-web#cfe47e31_007f_460d_8b3d_8505ffc3f0dd__Configure_LDAP_with_Splunk_Web for more information.
2025-10-01T17:15:40.273
2025-10-08T20:24:31.843
Analyzed
CVSSv3.1: 4.9 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | splunk | splunk | < 9.2.8 | Yes |
| Application | splunk | splunk | < 9.3.6 | Yes |
| Application | splunk | splunk | < 9.4.4 | Yes |
| Application | splunk | splunk | 10.0.0 | Yes |
| Application | splunk | splunk_cloud_platform | < 9.2.2406.123 | Yes |
| Application | splunk | splunk_cloud_platform | < 9.3.2408.118 | Yes |
| Application | splunk | splunk_cloud_platform | < 9.3.2411.108 | Yes |