Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
splunk splunk vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-32711
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a stored cross-site scripting (XSS) payload.
Splunk Splunk
3.1
CVSSv3
CVE-2023-32712
In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards Institute (ANSI) escape codes into Splunk log files that, when a vulnerable terminal application reads them, can potentially, at worst, result in possible code e...
Splunk Splunk
4.3
CVSSv3
CVE-2022-26070
When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions prior to 8.1.0.
Splunk Splunk
5.3
CVSSv3
CVE-2018-11409
Splunk up to and including 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.
Splunk Splunk
1 EDB exploit
2 Github repositories
6.1
CVSSv3
CVE-2018-7427
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.0.x prior to 6.0.14, 6.1.x prior to 6.1.13, 6.2.x prior to 6.2.14, 6.3.x prior to 6.3.10, 6.4.x prior to 6.4.7, and 6.5.x prior to 6.5.3; and Splunk Light prior to 6.6.0 allows remote malicious users to...
Splunk Splunk
7.5
CVSSv3
CVE-2018-7429
Splunkd in Splunk Enterprise 6.2.x prior to 6.2.14 6.3.x prior to 6.3.11, and 6.4.x prior to 6.4.8; and Splunk Light prior to 6.5.0 allow remote malicious users to cause a denial of service via a malformed HTTP request.
Splunk Splunk
6.5
CVSSv3
CVE-2018-7431
Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x prior to 6.0.14, 6.1.x prior to 6.1.13, 6.2.x prior to 6.2.14, 6.3.x prior to 6.3.10, 6.4.x prior to 6.4.6, and 6.5.x prior to 6.5.3; and Splunk Light prior to 6.6.0 allows remote authenticated ...
Splunk Splunk
7.5
CVSSv3
CVE-2018-7432
Splunk Enterprise 6.2.x prior to 6.2.14, 6.3.x prior to 6.3.10, 6.4.x prior to 6.4.7, and 6.5.x prior to 6.5.3; and Splunk Light prior to 6.6.0 allow remote malicious users to cause a denial of service via a crafted HTTP request.
Splunk Splunk
8.1
CVSSv3
CVE-2021-26253
A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions prior to 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or...
Splunk Splunk
6.1
CVSSv3
CVE-2022-27183
The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions prior to 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on SplunkBase, and not installed on ...
Splunk Splunk
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »