Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
splunk splunk vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-35291
Cross-site scripting vulnerability exists in Splunk Config Explorer versions before 1.7.16. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product.
7.2
CVSSv3
CVE-2024-29945
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure happens when either Splunk Enterprise runs in debug mode or the JsonWebToken component has been configured to log...
Splunk Splunk
8.1
CVSSv3
CVE-2024-29946
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the malicious user to phish the victim b...
Splunk Splunk
4.9
CVSSv3
CVE-2023-46230
In Splunk Add-on Builder versions below 4.1.4, the app writes sensitive information to internal log files.
Splunk Add-on Builder
7.2
CVSSv3
CVE-2023-46231
In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on.
Splunk Add-on Builder
8.8
CVSSv3
CVE-2024-23678
In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability only affects Splunk Enter...
Splunk Splunk
6.5
CVSSv3
CVE-2024-23675
In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections.
Splunk Cloud
Splunk Splunk
3.5
CVSSv3
CVE-2024-23676
In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit.
Splunk Splunk
Splunk Cloud
5.3
CVSSv3
CVE-2024-23677
In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file.
Splunk Splunk
Splunk Cloud
4.3
CVSSv3
CVE-2024-22164
In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation...
Splunk Enterprise Security
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »