Lucene search
K

7 matches found

NVD
NVD
added 2025/12/03 5:15 p.m.6 views

CVE-2025-20388

In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116, a user who holds a role that contains the high privilege capability changeauthentication could enumerate internal IP addresses and network por...

2.7CVSS0.00327EPSS
Exploits0References1
OSV
OSV
added 2025/12/03 5:15 p.m.3 views

CVE-2025-20388

In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116, a user who holds a role that contains the high privilege capability changeauthentication could enumerate internal IP addresses and network por...

2.7CVSS5.8AI score0.00327EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/03 5:0 p.m.16 views

CVE-2025-20388 Blind Server Side Request Forgery (SSRF) through Distributed Search Peers in Splunk Enterprise

In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116, a user who holds a role that contains the high privilege capability changeauthentication could enumerate internal IP addresses and network por...

2.7CVSS0.00327EPSS
Exploits0References1
CVE
CVE
added 2025/12/03 5:0 p.m.12 views

CVE-2025-20388

CVE-2025-20388 affects Splunk Enterprise and Splunk Cloud Platform. A user with a role that has the high-privilege capability change_authentication could enumerate internal IP addresses and network ports when adding new search peers to a Splunk search head in a distributed environment. Affected v...

2.7CVSS6.3AI score0.00327EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2025/12/03 5:0 p.m.5 views

CVE-2025-20388 Blind Server Side Request Forgery (SSRF) through Distributed Search Peers in Splunk Enterprise

In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116, a user who holds a role that contains the high privilege capability changeauthentication could enumerate internal IP addresses and network por...

2.7CVSS6.3AI score0.00327EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.7 views

PT-2025-48960

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.0.1, 9.4.6, 9.3.8, and 9.2.10 Splunk Cloud Platform versions prior to 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116 Description A user with a role containing the change authentication high privilege capabili...

2.7CVSS6.4AI score0.00327EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.2 views

Splunk Enterprise 9.2.0 < 9.2.10, 9.3.0 < 9.3.8, 9.4.0 < 9.4.6, 10.0 < 10.0.1 (SVD-2025-1207)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1207 advisory. - In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4,...

2.7CVSS5.4AI score0.00327EPSS
Exploits0References2
Rows per page
Query Builder