20785 matches found
CVE-2025-20367
In Splunk Enterprise versions below 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious payload through the dataset.command parameter of t...
CVE-2025-20368
CVE-2025-20368 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user (not admin/power roles) can craft a malicious payload via error messages and saved-search/job-inspector details, potentially causing unauthorized JavaScript execution in a user’s browser (XSS). Affected vers...
CVE-2025-20368 Stored Cross-Site Scripting (XSS) through missing field warning messages in Saved Search and Job Inspector on Splunk Enterprise
In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through the error messages and job inspection...
CVE-2025-20368 Stored Cross-Site Scripting (XSS) through missing field warning messages in Saved Search and Job Inspector on Splunk Enterprise
In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through the error messages and job inspection...
CVE-2025-20371
CVE-2025-20371 affects Splunk Enterprise and Splunk Cloud Platform: unauthenticated SSRF that can cause REST API calls on behalf of an authenticated high-privilege user. Affected: Splunk Enterprise < 10.0.1; also versions 9.2.8–9.4.4; Splunk Cloud Platform < 9.3.2411.109, < 9.3.2408.119,
CVE-2025-20371 Unauthenticated Blind Server Side Request Forgery (SSRF) in Splunk Enterprise
In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery SSRF potentially letting an attacker perform REST API calls on...
CVE-2025-20371 Unauthenticated Blind Server Side Request Forgery (SSRF) in Splunk Enterprise
In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery SSRF potentially letting an attacker perform REST API calls on...
CVE-2025-20367 Reflected Cross-site Scripting (XSS) in '/app/search/table' endpoint through the 'dataset.command' parameter on Splunk Enterprise
In Splunk Enterprise versions below 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious payload through the dataset.command parameter of t...
CVE-2025-20367
Affected software: Splunk Enterprise (versions below 9.4.4, 9.3.6, 9.2.8) and Splunk Cloud Platform (below 9.3.2411.109, 9.3.2408.119, 9.2.2406.122). Vulnerability: a low-privileged user can craft a malicious payload via the dataset.command parameter of the /app/search/table endpoint, resulting i...
CVE-2025-20367 Reflected Cross-site Scripting (XSS) in '/app/search/table' endpoint through the 'dataset.command' parameter on Splunk Enterprise
In Splunk Enterprise versions below 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious payload through the dataset.command parameter of t...
CVE-2025-20370 Denial of Service (DoS) through Multiple LDAP Bind Requests in Splunk Enterprise
In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability changeauthentication, could send multiple LDAP bind requests to a specific...
CVE-2025-20370 Denial of Service (DoS) through Multiple LDAP Bind Requests in Splunk Enterprise
In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability changeauthentication, could send multiple LDAP bind requests to a specific...
CVE-2025-20370
Summary (CVE-2025-20370) : Splunk Enterprise releases older than 10.0.1 and certain 9.x versions, plus Splunk Cloud Platform releases below specific 9.3.24xx/9.2.24xx builds, are affected. A user with the high-privilege capability change_authentication can send multiple LDAP bind requests to an i...
CVE-2025-20366 Improper Access Control in Background Job Submission in Splunk Enterprise
In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.111, 9.3.2408.119, and 9.2.2406.122, a low-privileged user that does not hold the admin or power Splunk roles could access sensitive search results if Splunk Enterprise runs an...
CVE-2025-20366 Improper Access Control in Background Job Submission in Splunk Enterprise
In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.111, 9.3.2408.119, and 9.2.2406.122, a low-privileged user that does not hold the admin or power Splunk roles could access sensitive search results if Splunk Enterprise runs an...
CVE-2025-20366
CVE-2025-20366 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user (not admin/power roles) can access sensitive search results if an administrative search job runs in the background and the user guesses the job’s unique SID, potentially exposing confidential data. Affected ...
CVE-2025-20369
The CVE-2025-20369 affects Splunk Enterprise and Splunk Cloud Platform. A low-privilege user not in admin/power roles can perform an XML External Entity (XXE) injection via the dashboard tab label field, potentially enabling Denial of Service (DoS). Affected versions include Splunk Enterprise <...
CVE-2025-20369 Extensible Markup Language (XML) External Entity Injection (XXE) through Dashboard label field on Splunk Enterprise
In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privilege user that does not hold the "admin" or "power" Splunk roles could perform an extensible markup language XML external entity XXE...
CVE-2025-20369 Extensible Markup Language (XML) External Entity Injection (XXE) through Dashboard label field on Splunk Enterprise
In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privilege user that does not hold the "admin" or "power" Splunk roles could perform an extensible markup language XML external entity XXE...
PT-2025-40273
Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.0.1 Splunk Enterprise versions 9.2.8 through 9.4.4 Splunk Cloud Platform versions prior to 9.3.2411.108 Splunk Cloud Platform versions 9.2.2406.123 through 9.3.2408.118 Description A user with the change...