Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
splunk splunk vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-26889
In Splunk Enterprise versions prior to 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an malicious user to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for...
Splunk Splunk
5.4
CVSSv3
CVE-2019-5727
Splunk Web in Splunk Enterprise 6.5.x prior to 6.5.5, 6.4.x prior to 6.4.9, 6.3.x prior to 6.3.12, 6.2.x prior to 6.2.14, 6.1.x prior to 6.1.14, and 6.0.x prior to 6.0.15 and Splunk Light prior to 6.6.0 has Persistent XSS, aka SPL-138827.
Splunk Splunk
5.4
CVSSv3
CVE-2023-32711
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a stored cross-site scripting (XSS) payload.
Splunk Splunk
5.3
CVSSv3
CVE-2018-11409
Splunk up to and including 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.
Splunk Splunk
1 EDB exploit
2 Github repositories
4.3
CVSSv3
CVE-2023-22942
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the ‘kvstore_client’ REST endpoint lets a potential attacker update SSG KV store collections using an HTTP GET request.
Splunk Splunk
8.8
CVSSv3
CVE-2024-23678
In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability only affects Splunk Enter...
Splunk Splunk
9.8
CVSSv3
CVE-2017-17067
Splunk Web in Splunk Enterprise 7.0.x prior to 7.0.0.1, 6.6.x prior to 6.6.3.2, 6.5.x prior to 6.5.6, 6.4.x prior to 6.4.9, and 6.3.x prior to 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote malicious users to bypass intended access restrictions or...
Splunk Splunk
3 Github repositories
3.5
CVSSv3
CVE-2017-5607
Splunk Enterprise 5.0.x prior to 5.0.18, 6.0.x prior to 6.0.14, 6.1.x prior to 6.1.13, 6.2.x prior to 6.2.13.1, 6.3.x prior to 6.3.10, 6.4.x prior to 6.4.6, and 6.5.x prior to 6.5.3 and Splunk Light prior to 6.5.2 assigns the $C JS property to the global Window namespace, which m...
Splunk Splunk
1 EDB exploit
3 Github repositories
4.3
CVSSv3
CVE-2022-26070
When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions prior to 8.1.0.
Splunk Splunk
7.5
CVSSv3
CVE-2021-3422
The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. The vulnerability impacts Splunk Enterprise versions prior to 7.3.9, 8.0 versions prior to 8...
Splunk Splunk
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »