Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
splunk splunk vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2023-46213
In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser.
Splunk Cloud
Splunk Splunk
8.8
CVSSv3
CVE-2023-46214
In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk E...
Splunk Cloud
Splunk Splunk
1 Github repository
8.1
CVSSv3
CVE-2023-32714
In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and write to restricted areas of the Splunk installation directory.
Splunk Splunk
Splunk Splunk App For Lookup File Editing
5.5
CVSSv3
CVE-2022-37439
In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually rem...
Splunk Splunk
Splunk Universal Forwarder
8.1
CVSSv3
CVE-2022-32156
In Splunk Enterprise and Universal Forwarder versions prior to 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. After updating to version 9.0, see Configure TLS host name validation fo...
Splunk Splunk
Splunk Universal Forwarder
7
CVSSv3
CVE-2017-18348
Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert Trojan horse programs into $SPL...
Splunk Splunk
8.8
CVSSv3
CVE-2024-23678
In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability only affects Splunk Enter...
Splunk Splunk
5.3
CVSSv3
CVE-2018-11409
Splunk up to and including 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.
Splunk Splunk
1 EDB exploit
2 Github repositories
3.5
CVSSv3
CVE-2017-5607
Splunk Enterprise 5.0.x prior to 5.0.18, 6.0.x prior to 6.0.14, 6.1.x prior to 6.1.13, 6.2.x prior to 6.2.13.1, 6.3.x prior to 6.3.10, 6.4.x prior to 6.4.6, and 6.5.x prior to 6.5.3 and Splunk Light prior to 6.5.2 assigns the $C JS property to the global Window namespace, which m...
Splunk Splunk
1 EDB exploit
3 Github repositories
6.5
CVSSv3
CVE-2018-7431
Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x prior to 6.0.14, 6.1.x prior to 6.1.13, 6.2.x prior to 6.2.14, 6.3.x prior to 6.3.10, 6.4.x prior to 6.4.6, and 6.5.x prior to 6.5.3; and Splunk Light prior to 6.6.0 allows remote authenticated ...
Splunk Splunk
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »