Vulmon
Splunk vulnerabilities and exploits
6.1
CVSSv3
CVE-2023-40592
In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of a...
Splunk Splunk Cloud Platform
Splunk Splunk 9.1.0
Splunk Splunk
7.5
CVSSv3
CVE-2023-40594
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance.
Splunk Splunk Cloud Platform
Splunk Splunk 9.1.0
Splunk Splunk
8.8
CVSSv3
CVE-2023-40595
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code.
Splunk Splunk Cloud Platform
Splunk Splunk 9.1.0
Splunk Splunk
8.8
CVSSv3
CVE-2023-40597
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.
Splunk Splunk Cloud Platform
Splunk Splunk 9.1.0
Splunk Splunk
NA
CVE-2014-5198
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x prior to 6.1.3 allows remote malicious users to inject arbitrary web script or HTML via the Referer HTTP header.
Splunk Splunk 6.1.1
Splunk Splunk 6.1.2
Splunk Splunk 6.1
NA
CVE-2012-6447
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 5.0.0 up to and including 5.0.2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Splunk Splunk 5.0
Splunk Splunk 5.0.1
Splunk Splunk 5.0.2
NA
CVE-2014-5197
Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd HTTP Server in Splunk Enterprise 6.1.x prior to 6.1.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URI, related to search ids.
Splunk Splunk 6.1
Splunk Splunk 6.1.1
Splunk Splunk 6.1.2
3.5
CVSSv3
CVE-2022-37438
In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerabil...
Splunk Splunk 9.0.0
Splunk Splunk Cloud Platform
Splunk Splunk
8.8
CVSSv3
CVE-2023-40596
In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to ach...
Splunk Splunk
Splunk Splunk 9.1.0
7.5
CVSSv3
CVE-2021-31559
A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions prior to 8.1.5 and 8.2 versions prior to 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forw...
Splunk Splunk
Splunk Splunk 8.2.0