- Description
- In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the `admin_all_objects` capability to the `splunk_app_soar` role. This addition could lead to improper access control for a low-privileged user that does not hold the "admin" Splunk roles.
- Source
- prodsec@splunk.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 6.4
- Impact score
- 5.2
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
- Severity
- MEDIUM
- prodsec@splunk.com
- CWE-269
- Hype score
- Not currently trending
CVE-2025-22621 In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the `admin_all_objects` capability to the `splunk_ap… https://t.co/vNCMlOJdDY
@CVEnew
8 Jan 2025
CVE-2025-22621 Improper Access Control in Splunk App for SOAR Version 1.0.67 In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation suggested adding the `admin_all_objects` capability t... https://t.co/YNNeQCokfS
@VulmonFeeds
7 Jan 2025