Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
splunk splunk vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2023-46213
In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser.
Splunk Cloud
Splunk Splunk
6.5
CVSSv3
CVE-2024-23675
In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections.
Splunk Cloud
Splunk Splunk
8.1
CVSSv3
CVE-2023-32714
In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and write to restricted areas of the Splunk installation directory.
Splunk Splunk
Splunk Splunk App For Lookup File Editing
5.5
CVSSv3
CVE-2022-37439
In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually rem...
Splunk Splunk
Splunk Universal Forwarder
8.1
CVSSv3
CVE-2022-32156
In Splunk Enterprise and Universal Forwarder versions prior to 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. After updating to version 9.0, see Configure TLS host name validation fo...
Splunk Splunk
Splunk Universal Forwarder
6.1
CVSSv3
CVE-2018-7427
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.0.x prior to 6.0.14, 6.1.x prior to 6.1.13, 6.2.x prior to 6.2.14, 6.3.x prior to 6.3.10, 6.4.x prior to 6.4.7, and 6.5.x prior to 6.5.3; and Splunk Light prior to 6.6.0 allows remote malicious users to...
Splunk Splunk
5.3
CVSSv3
CVE-2018-11409
Splunk up to and including 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.
Splunk Splunk
1 EDB exploit
2 Github repositories
8.1
CVSSv3
CVE-2021-26253
A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions prior to 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or...
Splunk Splunk
5.3
CVSSv3
CVE-2021-33845
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances prior to 8.1.7 when configured to repress verbose login errors.
Splunk Splunk
8.8
CVSSv3
CVE-2024-23678
In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability only affects Splunk Enter...
Splunk Splunk
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »