Vulmon
splunk vulnerabilities and exploits
891
VMScore
CVE-2017-17067
Splunk Web in Splunk Enterprise 7.0.x prior to 7.0.0.1, 6.6.x prior to 6.6.3.2, 6.5.x prior to 6.5.6, 6.4.x prior to 6.4.9, and 6.3.x prior to 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote malicious users to bypass intended access restrictions or...
Splunk Splunk
3 Github repositories
445
VMScore
CVE-2021-33845
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances prior to 8.1.7 when configured to repress verbose login errors.
Splunk Splunk
NA
CVE-2023-22942
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the ‘kvstore_client’ REST endpoint lets a potential attacker update SSG KV store collections using an HTTP GET request.
Splunk Splunk
383
VMScore
CVE-2022-27183
The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions prior to 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on SplunkBase, and not installed on ...
Splunk Splunk
383
VMScore
CVE-2018-7427
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.0.x prior to 6.0.14, 6.1.x prior to 6.1.13, 6.2.x prior to 6.2.14, 6.3.x prior to 6.3.10, 6.4.x prior to 6.4.7, and 6.5.x prior to 6.5.3; and Splunk Light prior to 6.6.0 allows remote malicious users to...
Splunk Splunk
409
VMScore
CVE-2021-42743
A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions prior to 8.1.1 on Windows.
Splunk Splunk
312
VMScore
CVE-2019-5727
Splunk Web in Splunk Enterprise 6.5.x prior to 6.5.5, 6.4.x prior to 6.4.9, 6.3.x prior to 6.3.12, 6.2.x prior to 6.2.14, 6.1.x prior to 6.1.14, and 6.0.x prior to 6.0.15 and Splunk Light prior to 6.6.0 has Persistent XSS, aka SPL-138827.
Splunk Splunk
454
VMScore
CVE-2022-26889
In Splunk Enterprise versions prior to 8.1.2, the URI path to load a relative resource within a web page is vulnerable to path traversal. It allows a malicious user to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for...
Splunk Splunk
NA
CVE-2024-29946
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the malicious user to phish the victim b...
Splunk Splunk
445
VMScore
CVE-2018-7429
Splunkd in Splunk Enterprise 6.2.x prior to 6.2.14, 6.3.x prior to 6.3.11, and 6.4.x prior to 6.4.8; and Splunk Light prior to 6.5.0 allows remote malicious users to cause a denial of service via a malformed HTTP request.
Splunk Splunk