CVE-2025-4166 vulnerabilities

Vulnerabilities for packages: splunk-otel-collector...

GHSA-GCQF-F89C-68HV vulnerabilities

Vulnerabilities for packages: splunk-otel-collector...

GHSA-GCQF-F89C-68HV vulnerabilities

Vulnerabilities for packages: splunk-otel-collector, splunk-otel-collector-fips...

CVE-2025-4166 vulnerabilities

Vulnerabilities for packages: splunk-otel-collector, splunk-otel-collector-fips...

uberAgent - unable to upload data to Splunk in environment with restricted internet access

uberAgent data is not available on the Splunk dashboard. Agents are reporting correctly when Admins allow full internet access on the firewall. uberAgent log file located in C:\Windows\Temp default location shows the issue with CurlSend attempt, example: 2025-05-02 10:31:10.439...

The vulnerability in the Splunk Web platform for operational analysis of Splunk Enterprise’s web interface allows attackers to bypass security restrictions, increase their privileges, and execute arbitrary commands.

The vulnerability in the Splunk Web platform for operational analysis in Splunk Enterprise relates to insufficient protection of sensitive data when processing the /services/streams/search endpoint with the q parameter. Exploiting this vulnerability allows an attacker to bypass security...

uberAgent - CVAD Site not visible in Splunk

Splunk dashboard CVAD/DaaS Applications & Desktops does not display CVAD Site on the list. There is no issue with data upload from agent to Splunk as other DDC metrics are available. uberAgent.log file located in C:\Windows\Temp on the Delivery Controller shows the error if you search for:...

uberAgent data from Windows 11 does not appear in Splunk

Checking the uberAgent UXM app in Splunk for a Windows 11 machine, or querying index=uberAgent for a specific machine, will return no results. The uberAgent.log from the Windows 11 machine will contain the following error. Error: 'wmic' is not recognized as an internal or external command,operabl...

Splunk Enterprise 9.1.0 < 9.1.8, 9.2.0 < 9.2.5, 9.3.0 < 9.3.3 (SVD-2025-0301)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-0301 advisory. - In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104,...

Exploit for Path Traversal in Splunk

CVE-2024-36991 - Splunk Path Traversal Proof of Concept for...

The vulnerability of the mobile device registration and mobile application deployment mechanism of Splunk Secure Gateway, a platform for operational analytics in Splunk Enterprise, arises from deficiencies in access control. This vulnerability allows an attacker to gain read, modify, or delete access to data stored in the KV Store (Key Value Store).

The vulnerability of the mobile device registration and mobile application deployment mechanism of Splunk Secure Gateway, a platform for operational analytics in Splunk Enterprise, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain read,...

The vulnerability of the Splunk Enterprise platform for operational analysis, related to deficiencies in access control, allows a perpetrator to execute arbitrary code.

The vulnerability of the Splunk Enterprise platform for operational analysis is related to deficiencies in access control for the directory $SPLUNKHOME/var/run/splunk/apptemp. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...

The vulnerability of the Splunk Dashboard Studio web interface on the Splunk Web platform for operational analysis in the Splunk Enterprise environment allows a hacker to disclose protected information.

The vulnerability of the Splunk Dashboard Studio web interface of the Splunk Enterprise operating analysis platform is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information by bypassing the modal dialog box...

The vulnerability in the web interface of the Splunk Web platform for operational analysis in Splunk Enterprise allows a attacker to perform a CSRF attack.

The vulnerability in the Splunk Web interface of the Splunk Enterprise operating analysis platform is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute a CSRF attack remotely...

Exploit for Path Traversal in Splunk

CVE-2024-36991-Tool This binary POC autom...

Exploit for Path Traversal in Splunk

CVE-2024-36991-Tool This binary POC autom...

Exploit for Path Traversal in Splunk

Splunk Path Traversal Exploit CVE-2024-36991 Descript...

CVE-2025-20233

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the chmod and makedirs Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user...

CVE-2025-20228

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store KVStore through a...

CVE-2025-20226

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.111, and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a saved search with a risky command using the permission...