Splunk vulnerabilities and exploits
NA
CVE-2024-29946
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the malicious user to phish the victim b...
Splunk Splunk
5.1
CVSSv2
CVE-2022-26889
In Splunk Enterprise versions prior to 8.1.2, the URI path to load a relative resource within a web page is vulnerable to path traversal. It allows a malicious user to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for...
Splunk Splunk
NA
CVE-2024-23678
In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability only affects Splunk Enter...
Splunk Splunk
4.3
CVSSv2
CVE-2022-27183
The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions prior to 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on SplunkBase, and not installed on ...
Splunk Splunk
5
CVSSv2
CVE-2021-33845
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances prior to 8.1.7 when configured to repress verbose login errors.
Splunk Splunk
5
CVSSv2
CVE-2022-32157
Splunk Enterprise deployment servers in versions prior to 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/D...
Splunk Splunk
7.5
CVSSv2
CVE-2022-32158
Splunk Enterprise deployment servers in versions prior to 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a Universal Forwarder endpoint could use the vulnerability to execute ...
Splunk Splunk
6
CVSSv2
CVE-2010-3322
The XML parser in Splunk 4.0.0 up to and including 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack to unknown vectors.
Splunk Splunk
4.3
CVSSv2
CVE-2013-6772
Splunk prior to 5.0.4 lacks X-Frame-Options which can allow Clickjacking
Splunk Splunk
3.5
CVSSv2
CVE-2017-5607
Splunk Enterprise 5.0.x prior to 5.0.18, 6.0.x prior to 6.0.14, 6.1.x prior to 6.1.13, 6.2.x prior to 6.2.13.1, 6.3.x prior to 6.3.10, 6.4.x prior to 6.4.6, and 6.5.x prior to 6.5.3 and Splunk Light prior to 6.5.2 assigns the $C JS property to the global Window namespace, which m...
Splunk Splunk
1 EDB exploit
3 Github repositories