Vulmon
splunk splunk vulnerabilities and exploits
NA
CVE-2024-29945
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure happens when either Splunk Enterprise runs in debug mode or the JsonWebToken component has been configured to log...
Splunk Splunk
NA
CVE-2024-29946
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the malicious user to phish the victim b...
Splunk Splunk
5
CVSSv2
CVE-2021-33845
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances prior to 8.1.7 when configured to repress verbose login errors.
Splunk Splunk
3.5
CVSSv2
CVE-2019-5727
Splunk Web in Splunk Enterprise 6.5.x prior to 6.5.5, 6.4.x prior to 6.4.9, 6.3.x prior to 6.3.12, 6.2.x prior to 6.2.14, 6.1.x prior to 6.1.14, and 6.0.x prior to 6.0.15 and Splunk Light prior to 6.6.0 has Persistent XSS, aka SPL-138827.
Splunk Splunk
5
CVSSv2
CVE-2018-7429
Splunkd in Splunk Enterprise 6.2.x prior to 6.2.14, 6.3.x prior to 6.3.11, and 6.4.x prior to 6.4.8; and Splunk Light prior to 6.5.0 allow remote malicious users to cause a denial of service via a malformed HTTP request.
Splunk Splunk
5
CVSSv2
CVE-2018-7432
Splunk Enterprise 6.2.x prior to 6.2.14, 6.3.x prior to 6.3.10, 6.4.x prior to 6.4.7, and 6.5.x prior to 6.5.3; and Splunk Light prior to 6.6.0 allow remote malicious users to cause a denial of service via a crafted HTTP request.
Splunk Splunk
4.6
CVSSv2
CVE-2021-42743
A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions prior to 8.1.1 on Windows.
Splunk Splunk
6.9
CVSSv2
CVE-2017-18348
Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert Trojan horse programs into $SPL...
Splunk Splunk
4.3
CVSSv2
CVE-2013-6772
Splunk prior to 5.0.4 lacks X-Frame-Options, which can allow clickjacking.
Splunk Splunk
4.6
CVSSv2
CVE-2013-6773
Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder, which can allow a malicious user to escalate privileges.
Splunk Splunk