CVE-2014-0160
CVE-2014-0160 (Heartbleed) is an information-disclosure vulnerability in OpenSSL’s TLS/DTLS heartbeat implementation. Affected: OpenSSL 1.0.1 before 1.0.1g. Root cause: improper handling of the Heartbeat extension (d1_both.c, t1_lib.c) leading to a buffer over-read, enabling an attacker to read m...
CVE-2021-33845
CVE-2021-33845 affects Splunk Enterprise before version 8.1.7, where the REST API can disclose usernames via the lockout error message when verbose login errors are present. Multiple connected sources (NVD, Red Hat, Nessus plugin, CVE lists) describe this information disclosure vulnerability and ...
CVE-2023-32707
Summary of CVE-2023-32707: Affected Splunk products include Splunk Enterprise < 9.0.5, 8.2.11, and 8.1.14 and Splunk Cloud Platform
CVE-2023-46214
CVE-2023-46214 describes a remote code execution risk in Splunk Enterprise caused by unsafe sanitization of user-supplied XSLT. Affected versions are Splunk Enterprise 9.0.x before 9.0.7 and 9.1.x before 9.1.2, where uploading crafted XSLT can lead to code execution on the target. The vulnerabili...
CVE-2026-20253
Summary: CVE-2026-20253 affects Splunk Enterprise and Splunk Cloud Platform due to an unauthenticated PostgreSQL sidecar service endpoint that can create or truncate arbitrary files when exposed on the network. Affected software/versions (per sources): Splunk Enterprise < 10.2.4 and < 10.0....
CVE-2018-11409
CVE-2018-11409 is an information disclosure vulnerability affecting Splunk versions up to 7.0.1. The issue arises when an attacker appends __raw/services/server/info/server-info?output_mode=json to a query, which can disclose sensitive information such as license keys. P...
CVE-2023-40598
CVE-2023-40598 affects Splunk Enterprise prior to 8.2.12, 9.0.6, and 9.1.1. The issue allows an attacker to create an external lookup that calls a legacy internal function, enabling insertion of code into the Splunk installation directory and resulting in arbitrary code execution on the platform ...
CVE-2023-32708
Summary of CVE-2023-32708 (Splunk): An HTTP response splitting vulnerability can be triggered by the REST command via the rest SPL, allowing a low-privileged user to potentially access other REST endpoints. Affected products/versions are: Splunk Enterprise < 9.0.5, < 8.2.11, and < 8.1.14,...
CVE-2024-23675
CVE-2024-23675 affects Splunk Enterprise versions below 9.0.8 and 9.1.3, where the Splunk app key value store (KV Store) incorrectly handles permissions for users using the REST API, potentially enabling deletion of KV Store collections. The issue is rooted in access-control handling for KV Store...
CVE-2023-22938
CVE-2023-22938 affects Splunk Enterprise: in versions below 8.1.13, 8.2.10, and 9.0.4, the sendemail REST API endpoint allows any authenticated user to send an email as the Splunk instance. The root cause is improper permission validation on the endpoint, enabling unauthorized mail actions. The v...
CVE-2024-29946
CVE-2024-29946 affects Splunk Enterprise versions older than 9.2.1, 9.1.4, and 9.0.9. The Dashboard Examples Hub lacks protections for risky SPL commands, potentially allowing bypass of safeguards. The attack requires phishing the victim into initiating a browser request. Remediation per connecte...
CVE-2023-32712
The CVE-2023-32712 issue affects Splunk Enterprise and Universal Forwarder as described in multiple sources. Affected Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2 allow injecting ANSI escape codes into log files, which a vulnerable terminal can translate to read locally, potent...
CVE-2023-32711
The CVE-2023-32711 entry concerns Splunk Enterprise, where versions prior to 9.0.5, 8.2.11, and 8.1.14 expose a stored XSS via a dashboard view due to a vulnerability in Bootstrap (CVE-2019-8331). The issue allows a low-privilege user to craft a stored XSS payload that can be executed in the cont...
CVE-2023-22941
CVE-2023-22941 affects Splunk Enterprise: versions prior to 8.1.13, 8.2.10, and 9.0.4 are vulnerable due to an improperly formatted INGEST_EVAL parameter in a Field Transformation, which can crash the splunkd daemon. The issue is rooted in input parsing of INGEST_EVAL/INGEST EVAL and has the pote...
CVE-2023-32706
Summary: CVE-2023-32706 affects Splunk Enterprise versions prior to 9.0.5, 8.2.11, and 8.1.14. An unauthenticated attacker can send specially crafted messages to the XML parser in SAML authentication, triggering a Denial of Service (DoS) in the Splunk daemon. What’s affected: Splunk Enterprise on...
CVE-2023-22933
CVE-2023-22933 affects Splunk Enterprise: versions prior to 8.1.13, 8.2.10, and 9.0.4 expose a Cross-Site Scripting (XSS) vulnerability in an XML View via the layoutPanel attribute on the module tag. The issue arises in Splunk Web-enabled deployments and could allow client-side code execution. Re...
CVE-2023-22936
The CVE-2023-22936 issue affects Splunk Enterprise: versions prior to 8.1.13, 8.2.10, and 9.0.4 are vulnerable via the search_listener parameter in a search, enabling a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot observe the response unle...
CVE-2023-40592
CVE-2023-40592 affects Splunk Enterprise: versions below 9.1.1, 9.0.6, and 8.2.12 are vulnerable due to a reflected XSS in the /app/search/table endpoint. The underlying issue allows an attacker to craft a special web request that can lead to arbitrary command execution on the Splunk platform. Re...
CVE-2023-40595
CVE-2023-40595 affects Splunk Enterprise prior to 8.2.12, 9.0.6, and 9.1.1. The issue arises from a deserialization flaw in the Splunk Web interface that allows an attacker to send a specially crafted query to serialize untrusted data, enabling arbitrary code execution. Exploitation details in co...
CVE-2023-22942
In Splunk Enterprise, a cross-site request forgery vulnerability affects the Splunk Secure Gateway (SSG) app via the kvstore_client REST endpoint. Affected versions are below 8.1.13, 8.2.10, and 9.0.4. The issue, described across multiple sources, allows an attacker to update SSG KV store collect...
CVE-2023-40597
CVE-2023-40597 affects Splunk Enterprise if running versions before 8.2.12, 9.0.6, or 9.1.1. The vulnerability is an absolute path traversal in the runshellscript.py component that enables an attacker to execute arbitrary code located on a separate disk. Exploitation results in a high impact acro...
CVE-2024-36991
CVE-2024-36991 is a path traversal vulnerability in Splunk Enterprise on Windows, affecting versions below 9.2.2, 9.1.5, and 9.0.10. The flaw resides in the /modules/messaging/ endpoint, enabling an unauthenticated attacker to read arbitrary files through crafted requests (e.g., Windows drive-let...
CVE-2023-32714
CVE-2023-32714 describes a path traversal vulnerability in the Splunk App for Lookup File Editing versions below 4.0.1. A low-privileged user can send a specially crafted web request to trigger traversal and gain read/write access to restricted areas of the Splunk installation directory. Impact ...
CVE-2024-23677
In Splunk Enterprise, versions prior to 9.0.8 are affected where the Splunk RapidDiag utility logs server responses from external applications, potentially exposing sensitive data in log files. The issue is confirmed in multiple sources; remediation is to update to Splunk Enterprise 9.0.8 or newe...
CVE-2023-22934
Splunk Enterprise is affected in versions prior to 8.1.13, 8.2.10, and 9.0.4. The vulnerability stems from the pivot SPL command bypassing safeguards for risky commands when used with a saved search job, requiring an authenticated user to craft the saved job and a higher-privileged user to initia...
CVE-2023-32716
The CVE-2023-32716 issue affects Splunk Enterprise and Splunk Cloud Platform where the vulnerable code path is the dump SPL command. Affected are Splunk Enterprise versions prior to 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions prior to 9.0.2303.100. Exploitation can cause a d...
CVE-2024-23676
CVE-2024-23676 affects Splunk Enterprise: versions below 9.0.8 and 9.1.3 expose index metrics via the mrollup SPL command to low-privilege users, requiring interaction from a high-privileged user. The root cause is insufficient access control around mrollup, enabling sensitive metric disclosure. ...
CVE-2023-22939
The CVE-2023-22939 vulnerability affects Splunk Enterprise versions prior to 8.1.13, 8.2.10, and 9.0.4. It involves the map SPL command that lets a search bypass safeguards for risky commands, requiring a higher-privileged user to initiate a request from a user’s browser and only impacting instan...
CVE-2023-40596
Summary of CVE-2023-40596 (Splunk Enterprise on Windows): A DLL shipped with Splunk Enterprise references an insecure OPENSSLDIR build definition path, enabling an attacker to install malicious code and achieve privilege escalation on Windows. Affected versions are Splunk Enterprise prior to 8.2.1...
CVE-2023-22932
CVE-2023-22932 affects Splunk Enterprise 9.0 versions before 9.0.4 with Splunk Web enabled. A View can trigger Cross‑Site Scripting via the error message in a Base64‑encoded image. Affected: Splunk Enterprise 9.0.0–9.0.3. Remediation: upgrade to 9.0.4 or later; as a temporary workaround, disable ...
CVE-2023-32710
Summary: CVE-2023-32710 affects Splunk Enterprise versions prior to 9.0.5, 8.2.11, 8.1.14 and Splunk Cloud Platform prior to 9.0.2303.100. A low-privileged user can transfer data from a recently run search by using the copyresults command if they know the search ID (SID). Impact: Potential unauth...
CVE-2023-22935
CVE-2023-22935 affects Splunk Enterprise versions prior to 8.1.13, 8.2.10, and 9.0.4. The vulnerability is caused by the display.page.search.patterns.sensitivity parameter which lets a user bypass SPL safeguards for risky commands. It requires a higher-privileged user to initiate a request from t...
CVE-2023-22940
The CVE-2023-22940 issue affects Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4. The root cause is that aliases of the collect SPL command (including summaryindex, sumindex, stash, mcollect, and meventcollect) were not designated as safeguarded commands, potentially allowing data to b...
CVE-2023-22937
CVE-2023-22937 affects Splunk Enterprise: versions below 8.1.13, 8.2.10, and 9.0.4 allow the lookup table upload feature to accept lookup tables with arbitrary filename extensions; only .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl are permitted. This is a validation/enforcement issue in the upl...
CVE-2023-22931
Splunk Enterprise versions before 8.1.13 and 8.2.10 are affected by CVE-2023-22931 due to the createrss external search command overwriting RSS feeds without permission checks. The root cause is the use of a deprecated feature that has been disabled by default, but remains exploitable in older bu...
CVE-2023-32717
Summary: CVE-2023-32717 affects Splunk Enterprise and Splunk Cloud Platform. An unauthorized user can access the REST endpoint /services/indexing/preview to overwrite search results if they know the SID of an existing search job. The issue is rooted in RBAC/endpoint handling for that path. Affect...
CVE-2023-40594
The CVE-2023-40594 issue affects Splunk Enterprise. Affected versions are Splunk Enterprise < 8.2.12, < 9.0.6, and
CVE-2023-32709
Summary (CVE-2023-32709): Affects Splunk Enterprise <9.0.5, <8.2.11, <8.1.14 and Splunk Cloud Platform
CVE-2023-46213
CVE-2023-46213 affects Splunk Enterprise: versions prior to 9.0.7 and 9.1.2 are vulnerable due to ineffective escaping in the Show syntax Highlighted feature, enabling unauthorized code execution in a user’s browser (XSS). The vulnerability is documented across multiple sources (Splunk advisory S...
CVE-2023-40593
Summary: CVE-2023-40593 affects Splunk Enterprise versions prior to 9.0.6 and 8.2.12. A malformed SAML request to the /saml/acs endpoint can cause a denial of service via a crash or hang of the Splunk daemon. Details from connected sources: Advised fixes include updating to Splunk Enterprise 9.0....
CVE-2024-23678
CVE-2024-23678 affects Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3. The issue is improper sanitization of path input data, causing unsafe deserialization of untrusted data from a separate disk partition. Impacted areas involve confidentiality, integrity, and availability. Remedia...
CVE-2024-29945
CVE-2024-29945 affects Splunk Enterprise: authentication tokens can be exposed during token validation when running in debug mode or JsonWebToken logging at DEBUG. Affected versions are Splunk Enterprise < 9.2.1, < 9.1.4, and
CVE-2022-26889
Splunk Enterprise before 8.1.2 is vulnerable to a path traversal flaw in the URI path used to load a relative resource within a web page. The root cause is lack of proper filtering of relative URL paths, enabling potential arbitrary content injection (HTML Injection, XSS) or bypass of SPL safegua...
CVE-2021-26253
CVE-2021-26253 describes a bypass of Splunk Enterprise’s Duo MFA in versions prior to 8.1.6. The vulnerability affects Splunk Enterprise instances configured to use Duo MFA; it does not impact Duo’s products or services. Connected sources confirm an MFA bypass risk tied to Splunk’s MFA implementa...
CVE-2022-37439
CVE-2022-37439 affects Splunk Enterprise and Universal Forwarder when indexing a specially crafted ZIP file via the file monitoring input, causing the application to crash and requiring manual removal of the malformed file. Connected sources confirm affected versions and potential impact to avail...
CVE-2024-53246
CVE-2024-53246 affects Splunk products where an SPL command can disclose sensitive information. Affected are Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206. Exploitation requires chainin...
CVE-2022-32158
Summary: CVE-2022-32158 affects Splunk Enterprise deployment servers. Versions before 8.1.10.1, 8.2.6.1, and 9.0 allow clients to publish forwarder bundles through the deployment server. If a Universal Forwarder endpoint is compromised, an attacker could execute arbitrary code on all other Univer...
CVE-2024-36983
CVE-2024-36983 concerns Splunk Enterprise (versions < 9.2.2, < 9.1.5, < 9.0.10) and Splunk Cloud Platform (versions < 9.1.2312.109,
CVE-2021-3422
The CVE-2021-3422 issue is a DoS in Splunk Enterprise caused by a lack of validation of a key‑value field in the Splunk‑to‑Splunk protocol. Affected are Splunk Enterprise versions before 7.3.9, before 8.0.9, and before 8.1.3; Universal Forwarders are not directly affected. When forwarders are sec...
CVE-2022-43571
CVE-2022-43571 affects Splunk Enterprise prior to versions 8.2.9, 8.1.12, and 9.0.2. An authenticated user can trigger arbitrary code execution via the dashboard PDF generation component (SimpleXML dashboards) due to code injection in styling parameters used during PDF export. Exploitation is dem...