
20761 matches found

RedhatCVE
added 2025/02/05 10:35 p.m. | 5 views

CVE-2022-27183

The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on SplunkBase, and not installed on Splunk Cloud Platfo...

CVSS 8.8 | AI score 6 | EPSS 0.0035
Exploits 0 | References 1
RedhatCVE
added 2025/02/05 7:15 p.m. | 6 views

CVE-2022-26889

In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page e.g., HTML Injection, XSS or bypass SPL safeguards for risky commands. The attack...

CVSS 8.8 | AI score 6.7 | EPSS 0.00141
Exploits 0 | References 1
NVD
added 2025/01/30 5:15 p.m. | 9 views

CVE-2025-0367

In versions 3.1.0 and lower of the Splunk Supporting Add-on for Active Directory, also known as SA-ldapsearch, a vulnerable regular expression pattern could lead to a Regular Expression Denial of Service (ReDoS) attack...

CVSS 6.5 | EPSS 0.00195
Exploits 0 | References 1
Vulnrichment
added 2025/01/30 5:4 p.m. | 6 views

CVE-2025-0367 Regular Expression Denial of Service (ReDoS) in Splunk Supporting Add-on for Active Directory (SA-ldapsearch)

In versions 3.1.0 and lower of the Splunk Supporting Add-on for Active Directory, also known as SA-ldapsearch, a vulnerable regular expression pattern could lead to a Regular Expression Denial of Service (ReDoS) attack...

CVSS 6.5 | AI score 6.5 | EPSS 0.00195
Exploits 0 | References 1
CVE
added 2025/01/30 5:4 p.m. | 62 views

CVE-2025-0367

CVE-2025-0367 affects the Splunk Supporting Add-on for Active Directory (SA-ldapsearch). The vulnerable component is a regular expression pattern in versions 3.1.0 and earlier, which can be exploited to trigger a Regular Expression Denial of Service (ReDoS). Public records indicate a potential im...

CVSS 6.5 | AI score 6.5 | EPSS 0.00195
Exploits 0 | References 1
Cvelist
added 2025/01/30 5:4 p.m. | 23 views

CVE-2025-0367 Regular Expression Denial of Service (ReDoS) in Splunk Supporting Add-on for Active Directory (SA-ldapsearch)

In versions 3.1.0 and lower of the Splunk Supporting Add-on for Active Directory, also known as SA-ldapsearch, a vulnerable regular expression pattern could lead to a Regular Expression Denial of Service (ReDoS) attack...

CVSS 6.5 | EPSS 0.00195
Exploits 0 | References 1
CNNVD
added 2025/01/30 12:0 a.m. | 5 views

Splunk Supporting Add-on for Active Directory security vulnerability

Splunk Supporting Add-on for Active Directory SA-ldapsearch is an add-on for Active Directory from Splunk. A security vulnerability exists in Splunk Supporting Add-on for Active Directory version 3.1.0 and earlier, which stems from a vulnerable regular expression pattern that could lead to a...

CVSS 6.5 | AI score 6.6 | EPSS 0.00195
Exploits 0 | References 2
CISA
added 2025/01/15 12:0 p.m. | 1 views

CISA Releases Microsoft Expanded Cloud Logs Implementation Playbook

Today, CISA released the Microsoft Expanded Cloud Logs Implementation Playbook to help organizations get the most out of Microsoft’s newly introduced logs in Microsoft Purview Audit Standard. This step-by-step guide enables technical personnel to better detect and defend against advanced intrusio...

AI score 7.1
Exploits 0 | References 1
Positive Technologies
added 2025/01/15 12:0 a.m. | 5 views

PT-2025-3854 · Splunk · Splunk Supporting Add-On For Active Directory

Name of the Vulnerable Software and Affected Versions: Splunk Supporting Add-on for Active Directory versions 3.1.0 and earlier
Description: A vulnerable regular expression pattern in the Splunk Supporting Add-on for Active Directory could lead to a Regular Expression Denial of Service (ReDoS)...

CVSS 6.8 | AI score 6.8 | EPSS 0.00195
Exploits 0 | References 5
NVD
added 2025/01/07 5:15 p.m. | 10 views

CVE-2025-22621

In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the admin_all_objects capability to the splunk_app_soar role. This addition could lead to improper access control for a low-privileged user that does not hold the "admin" Splunk roles...

CVSS 6.4 | EPSS 0.00205
Exploits 0 | References 1
CVE
added 2025/01/07 4:48 p.m. | 73 views

CVE-2025-22621

CVE-2025-22621 affects Splunk App for SOAR, versions 1.0.67 and lower. The root cause is a documentation-guided addition of the admin_all_objects capability to the splunk_app_soar role, potentially granting high-privilege access to a low-privileged user and compromising access control. The CVE is...

CVSS 6.4 | AI score 6.3 | EPSS 0.00205
Exploits 0 | References 1
Cvelist
added 2025/01/07 4:48 p.m. | 17 views

CVE-2025-22621 Privilege escalation for users who hold the “splunk_app_soar” role in the Splunk App for SOAR

In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the admin_all_objects capability to the splunk_app_soar role. This addition could lead to improper access control for a low-privileged user that does not hold the "admin" Splunk roles...

CVSS 6.4 | EPSS 0.00205
Exploits 0 | References 1
Vulnrichment
added 2025/01/07 4:48 p.m. | 5 views

CVE-2025-22621 Privilege escalation for users who hold the “splunk_app_soar” role in the Splunk App for SOAR

In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the admin_all_objects capability to the splunk_app_soar role. This addition could lead to improper access control for a low-privileged user that does not hold the "admin" Splunk roles...

CVSS 6.4 | AI score 6.3 | EPSS 0.00205
Exploits 0 | References 1
Positive Technologies
added 2025/01/07 12:0 a.m. | 3 views

PT-2025-4607 · Splunk · Splunk App For Soar

Name of the Vulnerable Software and Affected Versions: Splunk App for SOAR versions 1.0.67 and lower
Description: The issue is related to improper access control. In the affected versions of the Splunk App for SOAR, the documentation recommended adding the admin all objects capability to the splu...

CVSS 6.6 | AI score 7 | EPSS 0.00205
Exploits 0 | References 7
CNNVD
added 2025/01/07 12:0 a.m. | 4 views

Splunk App for SOAR security vulnerability

Splunk App for SOAR is a suite of data collection and analytics software from Splunk, Inc. in the United States. A security vulnerability exists in Splunk App for SOAR version 1.0.67 and earlier, which stems from improper access control...

CVSS 6.4 | AI score 6.7 | EPSS 0.00205
Exploits 0 | References 3
BDU FSTEC
added 2024/12/27 12:0 a.m. | 1 views

The vulnerability of the registration method for mobile devices and the deployment of mobile applications via Splunk Secure Gateway, a platform for operational analysis in Splunk Enterprise, stems from insufficient protection of sensitive data. This vulnerability allows attackers to gain unauthorized access to protected information.

The vulnerability of the mobile device registration and mobile application deployment mechanism of Splunk Secure Gateway, a platform for operational analytics in Splunk Enterprise, is related to insufficient protection of sensitive data due to improper access control to the KV Store Key Value...

CVSS 4.3 | AI score 5.5 | EPSS 0.00304
Exploits 0 | References 2 | Affected Software 2
BDU FSTEC
added 2024/12/25 12:0 a.m. | 1 views

The vulnerability of the Splunk Enterprise platform for operational analysis, related to the transmission of data in an open manner, allows a perpetrator to disclose protected information.

The vulnerability of the Splunk Enterprise platform for operational analysis is related to the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...

CVSS 5.4 | AI score 5.4 | EPSS 0.00074
Exploits 0 | References 2 | Affected Software 2
BDU FSTEC
added 2024/12/12 12:0 a.m. | 1 views

The vulnerability of the mobile device registration and mobile application deployment mechanism of Splunk Secure Gateway, a platform for operational analytics in Splunk Enterprise, arises from deficiencies in the deserialization mechanism. This allows attackers to execute arbitrary code.

The vulnerability of the mobile device registration and mobile application deployment mechanism of Splunk Secure Gateway, a platform for operational analytics in Splunk Enterprise, is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to...

CVSS 9 | AI score 6 | EPSS 0.04099
Exploits 0 | References 3 | Affected Software 2
NCSC
added 2024/12/11 8:53 a.m. | 4 views

Vulnerability fixed in Splunk Enterprise

Splunk has fixed a vulnerability in Splunk Enterprise and Splunk Secure Gateway. The vulnerability is in specific versions of Splunk Enterprise and Splunk Secure Gateway, allowing low-privileged users to remotely execute code without needing admin rights. Splunk has released updates to fix the...

CVSS 8.8 | AI score 7.2 | EPSS 0.04099
Exploits 0 | References 1
Tenable Nessus
added 2024/12/11 12:0 a.m. | 6 views

Splunk Enterprise 9.1.0 < 9.1.7, < 9.2.4, < 9.3.2 (SVD-2024-1205)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-1205 advisory. - In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.2.461 and 3.7.13 of the Splunk Secure Gatew...

CVSS 8.8 | AI score 5.8 | EPSS 0.04099
Exploits 0 | References 2