CVE-2025-20230

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could edit and delete other user data in App Key Value...

CVE-2024-53246

CVE-2024-53246 affects Splunk products where an SPL command can disclose sensitive information. Affected are Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206. Exploitation requires chainin...

Splunk Enterprise 6.2.x < 6.2.2 Multiple Vulnerabilities (FREAK)

According to its version number, the Splunk Enterprise hosted on the remote web server is version 6.2.x prior to 6.2.2. It is, therefore, affected by the following vulnerabilities : - A flaw exists with ECDH handshakes when using an ECDSA certificate without a ServerKeyExchange message. This allo...