CVE-2023-32707
Summary of CVE-2023-32707: Affected Splunk products include Splunk Enterprise < 9.0.5, 8.2.11, and 8.1.14 and Splunk Cloud Platform
CVE-2023-40598
CVE-2023-40598 affects Splunk Enterprise prior to 8.2.12, 9.0.6, and 9.1.1. The issue allows an attacker to create an external lookup that calls a legacy internal function, enabling insertion of code into the Splunk installation directory and resulting in arbitrary code execution on the platform ...
CVE-2023-32708
Summary of CVE-2023-32708 (Splunk): An HTTP response splitting vulnerability can be triggered by the REST command via the rest SPL, allowing a low-privileged user to potentially access other REST endpoints. Affected products/versions are: Splunk Enterprise < 9.0.5, < 8.2.11, and < 8.1.14,...
CVE-2023-22938
CVE-2023-22938 affects Splunk Enterprise: in versions below 8.1.13, 8.2.10, and 9.0.4, the sendemail REST API endpoint allows any authenticated user to send an email as the Splunk instance. The root cause is improper permission validation on the endpoint, enabling unauthorized mail actions. The v...
CVE-2023-22941
CVE-2023-22941 affects Splunk Enterprise: versions prior to 8.1.13, 8.2.10, and 9.0.4 are vulnerable due to an improperly formatted INGEST_EVAL parameter in a Field Transformation, which can crash the splunkd daemon. The issue is rooted in input parsing of INGEST_EVAL/INGEST EVAL and has the pote...
CVE-2023-32706
Summary: CVE-2023-32706 affects Splunk Enterprise versions prior to 9.0.5, 8.2.11, and 8.1.14. An unauthenticated attacker can send specially crafted messages to the XML parser in SAML authentication, triggering a Denial of Service (DoS) in the Splunk daemon. What’s affected: Splunk Enterprise on...
CVE-2023-22933
CVE-2023-22933 affects Splunk Enterprise: versions prior to 8.1.13, 8.2.10, and 9.0.4 expose a Cross-Site Scripting (XSS) vulnerability in an XML View via the layoutPanel attribute on the module tag. The issue arises in Splunk Web-enabled deployments and could allow client-side code execution. Re...
CVE-2023-22936
The CVE-2023-22936 issue affects Splunk Enterprise: versions prior to 8.1.13, 8.2.10, and 9.0.4 are vulnerable via the search_listener parameter in a search, enabling a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot observe the response unle...
CVE-2023-40592
CVE-2023-40592 affects Splunk Enterprise: versions below 9.1.1, 9.0.6, and 8.2.12 are vulnerable due to a reflected XSS in the /app/search/table endpoint. The underlying issue allows an attacker to craft a special web request that can lead to arbitrary command execution on the Splunk platform. Re...
CVE-2023-40595
CVE-2023-40595 affects Splunk Enterprise prior to 8.2.12, 9.0.6, and 9.1.1. The issue arises from a deserialization flaw in the Splunk Web interface that allows an attacker to send a specially crafted query to serialize untrusted data, enabling arbitrary code execution. Exploitation details in co...
CVE-2023-40597
CVE-2023-40597 affects Splunk Enterprise if running versions before 8.2.12, 9.0.6, or 9.1.1. The vulnerability is an absolute path traversal in the runshellscript.py component that enables an attacker to execute arbitrary code located on a separate disk. Exploitation results in a high impact acro...
CVE-2023-22934
Splunk Enterprise is affected in versions prior to 8.1.13, 8.2.10, and 9.0.4. The vulnerability stems from the pivot SPL command bypassing safeguards for risky commands when used with a saved search job, requiring an authenticated user to craft the saved job and a higher-privileged user to initia...
CVE-2023-32716
The CVE-2023-32716 issue affects Splunk Enterprise and Splunk Cloud Platform where the vulnerable code path is the {{dump}} SPL command. Affected are Splunk Enterprise versions prior to 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions prior to 9.0.2303.100. Exploitation can cause a d...
CVE-2023-22939
The CVE-2023-22939 vulnerability affects Splunk Enterprise versions prior to 8.1.13, 8.2.10, and 9.0.4. It involves the map SPL command that lets a search bypass safeguards for risky commands, requiring a higher-privileged user to initiate a request from a user’s browser and only impacting instan...
CVE-2023-22932
CVE-2023-22932 affects Splunk Enterprise 9.0 versions before 9.0.4 with Splunk Web enabled. A View can trigger Cross‑Site Scripting via the error message in a Base64‑encoded image. Affected: Splunk Enterprise 9.0.0–9.0.3. Remediation: upgrade to 9.0.4 or later; as a temporary workaround, disable ...
CVE-2023-32710
Summary: CVE-2023-32710 affects Splunk Enterprise versions prior to 9.0.5, 8.2.11, 8.1.14 and Splunk Cloud Platform prior to 9.0.2303.100. A low-privileged user can transfer data from a recently run search by using the copyresults command if they know the search ID (SID). Impact: Potential unauth...
CVE-2023-22935
CVE-2023-22935 affects Splunk Enterprise versions prior to 8.1.13, 8.2.10, and 9.0.4. The vulnerability is caused by the display.page.search.patterns.sensitivity parameter which lets a user bypass SPL safeguards for risky commands. It requires a higher-privileged user to initiate a request from t...
CVE-2023-22940
The CVE-2023-22940 issue affects Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4. The root cause is that aliases of the collect SPL command (including summaryindex, sumindex, stash, mcollect, and meventcollect) were not designated as safeguarded commands, potentially allowing data to b...
CVE-2023-22937
CVE-2023-22937 affects Splunk Enterprise: versions below 8.1.13, 8.2.10, and 9.0.4 allow the lookup table upload feature to accept lookup tables with arbitrary filename extensions; only .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl are permitted. This is a validation/enforcement issue in the upl...
CVE-2023-22931
Splunk Enterprise versions before 8.1.13 and 8.2.10 are affected by CVE-2023-22931 due to the createrss external search command overwriting RSS feeds without permission checks. The root cause is the use of a deprecated feature that has been disabled by default, but remains exploitable in older bu...
CVE-2023-32717
Summary: CVE-2023-32717 affects Splunk Enterprise and Splunk Cloud Platform. An unauthorized user can access the REST endpoint /services/indexing/preview to overwrite search results if they know the SID of an existing search job. The issue is rooted in RBAC/endpoint handling for that path. Affect...
CVE-2023-40594
The CVE-2023-40594 issue affects Splunk Enterprise. Affected versions are Splunk Enterprise < 8.2.12, < 9.0.6, and
CVE-2023-32709
Summary (CVE-2023-32709): Affects Splunk Enterprise <9.0.5, <8.2.11, <8.1.14 and Splunk Cloud Platform
CVE-2023-40593
Summary: CVE-2023-40593 affects Splunk Enterprise versions prior to 9.0.6 and 8.2.12. A malformed SAML request to the /saml/acs endpoint can cause a denial of service via a crash or hang of the Splunk daemon. Details from connected sources: Advised fixes include updating to Splunk Enterprise 9.0....
CVE-2024-53246
CVE-2024-53246 affects Splunk products where an SPL command can disclose sensitive information. Affected are Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206. Exploitation requires chainin...
CVE-2024-36983
CVE-2024-36983 concerns Splunk Enterprise (versions < 9.2.2, < 9.1.5, < 9.0.10) and Splunk Cloud Platform (versions < 9.1.2312.109,
CVE-2022-43571
CVE-2022-43571 affects Splunk Enterprise prior to versions 8.2.9, 8.1.12, and 9.0.2. An authenticated user can trigger arbitrary code execution via the dashboard PDF generation component (SimpleXML dashboards) due to code injection in styling parameters used during PDF export. Exploitation is dem...
CVE-2025-20229
CVE-2025-20229 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user (not admin/power roles) can achieve Remote Code Execution by uploading to the $SPLUNK_HOME/var/run/splunk/apptemp directory due to missing authorization checks in vulnerable Splunk versions (Enterprise < ...
CVE-2024-45741
CVE-2024-45741 affects Splunk Enterprise versions prior to 9.2.3 and 9.1.6, and Splunk Cloud Platform versions prior to 9.2.2403.108 and 9.1.2312.205. A low-privileged user without admin/power roles can inject a malicious payload via a custom configuration file used by the api.uri parameter in th...
CVE-2025-20232
CVE-2025-20232 affects Splunk Enterprise (versions prior to 9.3.3, 9.2.5, 9.1.8) and Splunk Cloud Platform (prior to 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208, 9.1.2308.212). A low-privileged user without admin/power roles can abuse the /app/search/search endpoint via the s parameter...
CVE-2024-36992
CVE-2024-36992 affects Splunk Enterprise and Splunk Cloud Platform. A low-privilege user who does not hold admin/power roles can craft a malicious payload via a Dashboard element’s url parameter due to insufficient input validation, leading to persistent Cross-site Scripting (XSS) by executing un...
CVE-2024-36994
CVE-2024-36994 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user (not admin/power role) can craft a malicious payload through a web View and Bulletin Messages in the Splunk Web interface, leading to execution of unauthorized JavaScript in the victim’s browser. Affected: S...
CVE-2024-36995
CVE-2024-36995 affects Splunk Enterprise and Splunk Cloud Platform where a low-privileged user (not admin/power roles) could create experimental items. Affected versions are: Splunk Enterprise < 9.2.2, < 9.1.5, < 9.0.10; Splunk Cloud Platform < 9.1.2312.200 and
CVE-2024-36996
CVE-2024-36996 affects Splunk Enterprise and Splunk Cloud Platform where SAML is enabled. Affected: Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10; Splunk Cloud Platform below 9.1.2312.109. An attacker could learn whether another user exists by deciphering the login error response, ena...
CVE-2024-53245
CVE-2024-53245 affects Splunk Enterprise and Splunk Cloud Platform where a low-privilege user whose username matches a role with read access to dashboards can clone a dashboard and view its name and XML. Affected versions are Splunk Enterprise < 9.3.0, < 9.2.4, and < 9.1.7, and Splunk Cl...
CVE-2024-36990
Affected software: Splunk Enterprise (versions below 9.2.2, 9.1.5, 9.0.10) and Splunk Cloud Platform below 9.2.2403.100. Vulnerability: An authenticated, low-privileged user without admin/power roles can send a crafted HTTP POST to the datamodel/web REST endpoint, potentially causing a Denial o...
CVE-2022-32151
CVE-2022-32151 affects Splunk Enterprise before version 9.0 and Splunk Cloud Platform before 8.2.2203. Root cause: the httplib and urllib Python libraries shipped with Splunk did not validate certificates using CA certificate stores by default. Impact: servers may be vulnerable where certificate ...
CVE-2022-43572
Summary: CVE-2022-43572 affects Splunk Enterprise where a malformed file sent via the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer can cause a blockage/denial-of-service that prevents indexing. Affected versions (per sources): Splunk Enterprise below 8.2.9, below 8...
CVE-2024-45740
CVE-2024-45740 affects Splunk Enterprise <9.2.3/9.1.6 and Splunk Cloud Platform
CVE-2022-32155
CVE-2022-32155 concerns Splunk Universal Forwarder management services. The issue described in the sources is that versions before 9.0 expose management services remotely by default, creating a potential exposure rather than a technical vulnerability. Splunk 9.0 binds the management port to local...
CVE-2022-43568
Splunk Enterprise is affected by CVE-2022-43568. The vulnerability is a Reflected Cross-Site Scripting flaw in a View when output_mode=radio, triggered by JSON in a query parameter. Affected versions are Splunk Enterprise below 8.1.12, below 8.2.9, and below 9.0.2. Documented impact indicates hig...
CVE-2024-36993
CVE-2024-36993 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user without admin/power roles can inject a payload via Splunk Web Bulletin Messages, causing execution of unauthorized JavaScript in a user’s browser. Affected versions: Splunk Enterprise < 9.2.2, < 9.1.5,...
CVE-2025-20297
Vulnerability CVE-2025-20297 affects Splunk Enterprise before 9.4.2, 9.3.4, and 9.2.6, and Splunk Cloud Platform before 9.3.2411.102, 9.3.2408.111, and 9.2.2406.118. A low-privileged user can craft a payload via the pdfgen/render REST endpoint, potentially executing unauthorized JavaScript in a u...
CVE-2022-43562
CVE-2022-43562 | Splunk Enterprise: The issue is a Host header validation/escaping flaw in Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2. A remote authenticated user could exploit this to perform attacks such as cross-site scripting and cache poisoning. Root cause is improper handlin...
CVE-2022-43567
Splunk Enterprise: vulnerability CVE-2022-43567 affects the Mobile Alerts feature of the Splunk Secure Gateway app. An authenticated user could remotely execute arbitrary OS commands via specially crafted requests. Affected versions are Splunk Enterprise < 8.2.9, < 8.1.12, and
CVE-2024-45732
CVE-2024-45732 affects Splunk Enterprise versions prior to 9.3.1 and 9.2.0 prior to 9.2.3, plus Splunk Cloud Platform prior to 9.2.2403.103, including 9.1.2312.200/9.1.2312.110/9.1.2308.208. Description: a low-privileged user without admin or power roles could run a search as the nobody user with...
CVE-2024-53244
CVE-2024-53244 affects Splunk Enterprise and Splunk Cloud Platform: versions prior to 9.3.2 (Enterprise) and prior to 9.2.2406.107, 9.2.2403.109, 9.1.2312.206 (Cloud) are vulnerable. The issue is a bypass of SPL safeguards for risky commands via the s parameter on the /en-US/app/search/report end...
CVE-2025-20228
Splunk Enterprise versions prior to 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions prior to 9.2.2403.108 and 9.1.2312.204, are affected. A low-privileged user without admin/power roles can trigger a Cross-Site Request Forgery (CSRF) to change the KVStore maintenance mode state. This is the...
CVE-2024-36997
CVE-2024-36997 affects Splunk Enterprise (and Splunk Cloud Platform) where an admin can store and execute arbitrary JavaScript in another user’s browser via the conf-web/settings REST endpoint, enabling persistent XSS. Affected versions are Splunk Enterprise below 9.2.2, 9.1.5, and 9.0.10, and Sp...
CVE-2022-32153
CVE-2022-32153 affects Splunk Enterprise prior to 9.0 and Splunk Cloud Platform prior to 8.2.2203, where TLS hostname validation was not performed by default for Splunk-to-Splunk communications. This allowed a scenario where an attacker with administrator credentials could add a peer with an inva...