Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
splunk vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-43564
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted search macros.
Splunk Splunk
Splunk Splunk Cloud Platform
6.5
CVSSv3
CVE-2023-32706
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon.
Splunk Splunk Cloud Platform
Splunk Splunk
8.8
CVSSv3
CVE-2023-32708
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the ‘rest’ SPL command that lets them potentially access other REST en...
Splunk Splunk Cloud Platform
Splunk Splunk
4.3
CVSSv3
CVE-2023-32709
In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ...
Splunk Splunk Cloud Platform
Splunk Splunk
5.3
CVSSv3
CVE-2023-32710
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) o...
Splunk Splunk Cloud Platform
Splunk Splunk
6.5
CVSSv3
CVE-2023-32716
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the {{dump}} SPL command to cause a denial of service by crashing the Splunk daemon.
Splunk Splunk Cloud Platform
Splunk Splunk
4.3
CVSSv3
CVE-2023-32717
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing se...
Splunk Splunk Cloud Platform
Splunk Splunk
6.5
CVSSv3
CVE-2024-23675
In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections.
Splunk Cloud
Splunk Splunk
3.5
CVSSv3
CVE-2024-23676
In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit.
Splunk Splunk
Splunk Cloud
5.3
CVSSv3
CVE-2024-23677
In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file.
Splunk Splunk
Splunk Cloud
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »