CVE-2025-20371

CVE-2025-20371 affects Splunk Enterprise and Splunk Cloud Platform: unauthenticated SSRF that can cause REST API calls on behalf of an authenticated high-privilege user. Affected: Splunk Enterprise < 10.0.1; also versions 9.2.8–9.4.4; Splunk Cloud Platform < 9.3.2411.109, < 9.3.2408.119,

CVE-2025-20371 Unauthenticated Blind Server Side Request Forgery (SSRF) in Splunk Enterprise

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery SSRF potentially letting an attacker perform REST API calls on...

CVE-2025-20371 Unauthenticated Blind Server Side Request Forgery (SSRF) in Splunk Enterprise

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery SSRF potentially letting an attacker perform REST API calls on...

CVE-2025-20367 Reflected Cross-site Scripting (XSS) in '/app/search/table' endpoint through the 'dataset.command' parameter on Splunk Enterprise

In Splunk Enterprise versions below 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious payload through the dataset.command parameter of t...

CVE-2025-20367 Reflected Cross-site Scripting (XSS) in '/app/search/table' endpoint through the 'dataset.command' parameter on Splunk Enterprise

In Splunk Enterprise versions below 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious payload through the dataset.command parameter of t...

CVE-2025-20367

Affected software: Splunk Enterprise (versions below 9.4.4, 9.3.6, 9.2.8) and Splunk Cloud Platform (below 9.3.2411.109, 9.3.2408.119, 9.2.2406.122). Vulnerability: a low-privileged user can craft a malicious payload via the dataset.command parameter of the /app/search/table endpoint, resulting i...

CVE-2025-20370 Denial of Service (DoS) through Multiple LDAP Bind Requests in Splunk Enterprise

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability changeauthentication, could send multiple LDAP bind requests to a specific...

CVE-2025-20370

Summary (CVE-2025-20370) : Splunk Enterprise releases older than 10.0.1 and certain 9.x versions, plus Splunk Cloud Platform releases below specific 9.3.24xx/9.2.24xx builds, are affected. A user with the high-privilege capability change_authentication can send multiple LDAP bind requests to an i...

CVE-2025-20370 Denial of Service (DoS) through Multiple LDAP Bind Requests in Splunk Enterprise

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability changeauthentication, could send multiple LDAP bind requests to a specific...

CVE-2025-20366

CVE-2025-20366 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user (not admin/power roles) can access sensitive search results if an administrative search job runs in the background and the user guesses the job’s unique SID, potentially exposing confidential data. Affected ...

CVE-2025-20366 Improper Access Control in Background Job Submission in Splunk Enterprise

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.111, 9.3.2408.119, and 9.2.2406.122, a low-privileged user that does not hold the admin or power Splunk roles could access sensitive search results if Splunk Enterprise runs an...

CVE-2025-20366 Improper Access Control in Background Job Submission in Splunk Enterprise

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.111, 9.3.2408.119, and 9.2.2406.122, a low-privileged user that does not hold the admin or power Splunk roles could access sensitive search results if Splunk Enterprise runs an...

CVE-2025-20369 Extensible Markup Language (XML) External Entity Injection (XXE) through Dashboard label field on Splunk Enterprise

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privilege user that does not hold the "admin" or "power" Splunk roles could perform an extensible markup language XML external entity XXE...

CVE-2025-20369

The CVE-2025-20369 affects Splunk Enterprise and Splunk Cloud Platform. A low-privilege user not in admin/power roles can perform an XML External Entity (XXE) injection via the dashboard tab label field, potentially enabling Denial of Service (DoS). Affected versions include Splunk Enterprise &lt...

CVE-2025-20369 Extensible Markup Language (XML) External Entity Injection (XXE) through Dashboard label field on Splunk Enterprise

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privilege user that does not hold the "admin" or "power" Splunk roles could perform an extensible markup language XML external entity XXE...

Splunk Cloud Platform和Splunk Enterprise 资源管理错误漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. A resource management error vulnerability exis...

PT-2025-40269

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 9.4.4 Splunk Enterprise versions prior to 9.3.6 Splunk Enterprise versions prior to 9.2.8 Splunk Cloud Platform versions prior to 9.3.2411.111 Splunk Cloud Platform versions prior to 9.3.2408.119 Splunk Clou...

Splunk Cloud Platform和Splunk Enterprise 跨站脚本漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. A cross-site scripting vulnerability exists in...

Splunk Enterprise 9.2.0 < 9.2.8, 9.3.0 < 9.3.6, 9.4.0 < 9.4.4, 10.0.0 < 10.0.1 (SVD-2025-1006)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1006 advisory. - In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109,...

PT-2025-40271

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 9.4.4 Splunk Enterprise versions 9.2.8 through 9.3.6 Splunk Cloud Platform versions prior to 9.3.2411.108 Splunk Cloud Platform versions 9.2.2406.123 through 9.3.2408.118 Description A user with limited...