{"uuid": "638b62ef-aa71-429b-a019-f69e49e2f14d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-22938", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8130", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-22938\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the \u2018sendemail\u2019 REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the \u2018splunk-system-user\u2019 account on the local instance.\n\ud83d\udccf Published: 2023-02-14T17:24:46.893Z\n\ud83d\udccf Modified: 2025-03-19T18:53:03.165Z\n\ud83d\udd17 References:\n1. https://advisory.splunk.com/advisories/SVD-2023-0208", "creation_timestamp": "2025-03-19T19:18:25.000000Z"}