Splunk is a suite of data collection and analysis software from Splunk, Inc. The software is primarily used to collect, index, and analyze the data it generates, including data generated by all IT systems and infrastructures (physical, virtual machines, and cloud.) A command injection vulnerability exists in versions prior to Splunk Enterprise 9.0 and versions prior to Splunk cloud platform 8.2.2106. An attacker could exploit this vulnerability to inject a risky search command into a form token.