Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
splunk cloud vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2022-32153
Splunk Enterprise peers in Splunk Enterprise versions prior to 9.0 and Splunk Cloud Platform versions prior to 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates ...
Splunk Splunk
Splunk Splunk Cloud Platform
8.1
CVSSv3
CVE-2022-32154
Dashboards in Splunk Enterprise versions prior to 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to ...
Splunk Splunk
Splunk Splunk Cloud Platform
7.5
CVSSv3
CVE-2022-32155
In universal forwarder versions prior to 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environ...
Splunk Splunk
Splunk Splunk Cloud Platform
6.3
CVSSv3
CVE-2023-22936
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an a...
Splunk Splunk
Splunk Splunk Cloud Platform
5.7
CVSSv3
CVE-2023-22940
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’...
Splunk Splunk
Splunk Splunk Cloud Platform
8.8
CVSSv3
CVE-2022-43565
In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The v...
Splunk Splunk
Splunk Splunk Cloud Platform
5.4
CVSSv3
CVE-2022-43569
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model.
Splunk Splunk
Splunk Splunk Cloud Platform
8.8
CVSSv3
CVE-2023-40598
In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execut...
Splunk Splunk
Splunk Splunk Cloud Platform
5.4
CVSSv3
CVE-2022-43562
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning.
Splunk Splunk
Splunk Splunk Cloud Platform
6.5
CVSSv3
CVE-2022-43570
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error.
Splunk Splunk
Splunk Splunk Cloud Platform
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »