Lucene search
+L
SplunkSplunk Cloud Platform

106 matches found

cve
cve
added 2022/11/04 10:21 p.m.79 views

CVE-2022-43567

Splunk Enterprise: vulnerability CVE-2022-43567 affects the Mobile Alerts feature of the Splunk Secure Gateway app. An authenticated user could remotely execute arbitrary OS commands via specially crafted requests. Affected versions are Splunk Enterprise < 8.2.9, < 8.1.12, and

8.8CVSS8.8AI score0.01194EPSS
cve
cve
added 2024/07/01 4:57 p.m.76 views

CVE-2024-36997

CVE-2024-36997 affects Splunk Enterprise (and Splunk Cloud Platform) where an admin can store and execute arbitrary JavaScript in another user’s browser via the conf-web/settings REST endpoint, enabling persistent XSS. Affected versions are Splunk Enterprise below 9.2.2, 9.1.5, and 9.0.10, and Sp...

8.1CVSS7.4AI score0.00547EPSS
cve
cve
added 2024/10/14 5:3 p.m.76 views

CVE-2024-45736

CVE-2024-45736 affects Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111. A low-privileged user without admin/power roles can craft a search query with an improperly formatted INGEST_EVAL parameter in a ...

6.5CVSS6.5AI score0.00541EPSS
cve
cve
added 2026/06/10 5:16 p.m.75 views

CVE-2026-20251

CVE-2026-20251 affects Splunk Enterprise (versions below 10.2.4/10.0.7/9.4.12/9.3.13), Splunk Cloud Platform (below 10.3.2512.12/10.2.2510.14/10.1.2507.22/9.3.2411.132), and Splunk Secure Gateway (below 3.10.6/3.9.20/3.8.67). A low-privileged user (not admin/power) can achieve Remote Code Executi...

8.8CVSS5.8AI score0.00575EPSS
cve
cve
added 2022/11/04 10:22 p.m.74 views

CVE-2022-43570

CVE-2022-43570 affects Splunk Enterprise prior to 8.1.12, 8.2.9, and 9.0.2. An authenticated user can perform an XML External Entity (XXE) injection via a custom View, causing Splunk Web to embed incorrect documents into an error page. Root cause: XXE vulnerability in the handling of XML in custo...

8.8CVSS7.1AI score0.00656EPSS
cve
cve
added 2022/06/15 4:46 p.m.73 views

CVE-2022-32152

CVE-2022-32152 affects Splunk Enterprise and Splunk Cloud Platform where TLS host name validation for Splunk-to-Splunk communications was not enforced by default in versions before 9.0 (Splunk Enterprise) and before 8.2.2203 (Splunk Cloud). The issue allowed an administrator to add a peer with an...

8.1CVSS7.3AI score0.00851EPSS
cve
cve
added 2022/11/04 10:20 p.m.73 views

CVE-2022-43565

CVE-2022-43565 (Splunk Enterprise) : Affects Splunk Enterprise versions prior to 8.2.9 and prior to 8.1.12. Root cause: the tstats command’s handling of JSON can bypass SPL safeguards for risky commands, enabling manipulation if a user is phished into initiating a request in their browser. Exploi...

8.8CVSS8.6AI score0.00595EPSS
cve
cve
added 2024/10/14 4:45 p.m.73 views

CVE-2024-45735

Summary (CVE-2024-45735) : Splunk Enterprise versions before 9.2.3 and 9.1.6, and Splunk Secure Gateway on Splunk Cloud Platform versions before 3.4.259, 3.6.17, or 3.7.0 allow a low-privileged user (not admin/power) to view App Key Value Store (KV Store) deployment configuration and public/priva...

4.3CVSS4.5AI score0.00349EPSS
cve
cve
added 2022/06/15 4:48 p.m.72 views

CVE-2022-32154

Splunk Enterprise before 9.0 is affected by CVE-2022-32154 in its dashboards: an attacker could inject risky search commands into a form token used in a cross-origin query, bypassing SPL safeguards for risky commands. The issue is browser-based; exploitation depends on the attacker delivering a f...

8.1CVSS7.3AI score0.01271EPSS
cve
cve
added 2024/10/14 5:3 p.m.72 views

CVE-2024-45737

CVE-2024-45737 affects Splunk Enterprise versions prior to 9.3.1, 9.2.3, and 9.1.6, and Splunk Cloud Platform prior to 9.2.2403.108 (and 9.1.2312.204). A low-privileged user without admin/power roles can change the maintenance mode state of KVStore via CSRF. The CVE is documented across multiple ...

4.3CVSS4.4AI score0.00214EPSS
cve
cve
added 2025/03/26 10:3 p.m.71 views

CVE-2025-20227

CVE-2025-20227 affects Splunk Enterprise and Splunk Cloud Platform: a low-privileged user without admin/power roles could bypass the external content warning modal in Dashboard Studio dashboards, enabling information disclosure. Affected versions include Splunk Enterprise < 9.4.1, < 9.3.3, ...

4.3CVSS6.8AI score0.00386EPSS
cve
cve
added 2022/11/03 10:6 p.m.70 views

CVE-2022-43561

CVE-2022-43561 affects Splunk Enterprise: versions prior to 8.1.12, 8.2.9, and 9.0.2. A remote user with the “power” role can store arbitrary scripts via the Save Table feature, enabling persistent cross-site scripting (XSS) on Splunk Web-enabled instances. The underlying vulnerability allows inj...

6.4CVSS5.3AI score0.00634EPSS
cve
cve
added 2022/11/04 10:19 p.m.69 views

CVE-2022-43563

Splunk Enterprise is affected in versions before 8.2.9 and 8.1.12 due to how the rex search command handles field names, which can bypass SPL safeguards for risky commands. The attack requires phishing the victim into initiating a request in their browser; it is not exploitable at will. The issue...

8.8CVSS8.6AI score0.00595EPSS
cve
cve
added 2025/03/26 10:2 p.m.69 views

CVE-2025-20226

CVE-2025-20226 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user (not admin/power) can bypass SPL safeguards on the /services/streams/search endpoint via the q parameter and execute a risky command using higher-privilege permissions after phishing the victim. Affected ver...

5.7CVSS7.2AI score0.00434EPSS
Web
cve
cve
added 2026/06/10 5:16 p.m.69 views

CVE-2026-20252

Splunk Enterprise and Splunk Cloud Platform are affected by CVE-2026-20252 due to an SSRF in Dashboard Studio PDF export. A low-privilege user (not admin/power role) can cause server-side requests to arbitrary internal destinations by abusing the PDF export feature. Root cause: trusted-domain val...

7.6CVSS5.6AI score0.00255EPSS
cve
cve
added 2022/11/04 10:21 p.m.68 views

CVE-2022-43566

CVE-2022-43566 affects Splunk Enterprise: versions prior to 8.2.9, 8.1.12, and 9.0.2 allow an authenticated user to execute risky commands using a more privileged user’s permissions to bypass SPL safeguards in Analytics Workspace. The attack requires phishing the victim into initiating a request ...

8CVSS7.4AI score0.00778EPSS
cve
cve
added 2022/11/04 10:20 p.m.66 views

CVE-2022-43564

CVE-2022-43564 affects Splunk Enterprise. A remote user who can create search macros and schedule search reports can trigger a denial of service by submitting specially crafted search macros in versions before 8.1.12, 8.2.9, or 9.0.2. The issue’s described impact is DoS; no other exploitation or ...

6.5CVSS5.7AI score0.00794EPSS
cve
cve
added 2022/08/16 7:49 p.m.63 views

CVE-2022-37438

CVE-2022-37438 affects Splunk Enterprise. An authenticated user can craft a dashboard (requires access to create/share dashboards via Splunk Web) and may leak information about other Splunk users (e.g., username, email, real name) through the dashboard drilldown component. The issue is scoped to ...

3.5CVSS3.6AI score0.00443EPSS
cve
cve
added 2022/11/04 10:22 p.m.63 views

CVE-2022-43569

CVE-2022-43569 affects Splunk Enterprise versions prior to 8.1.12, 8.2.9, and 9.0.2. An authenticated user can inject and store arbitrary scripts resulting in persistent cross-site scripting (XSS) in the object name of a Data Model. Remediation per sources: upgrade to 8.1.12 or later, 8.2.9 or la...

8CVSS5.8AI score0.007EPSS
cve
cve
added 2025/07/07 5:48 p.m.48 views

CVE-2025-20324

CVE-2025-20324 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user without admin/power roles can create or overwrite system source type configurations by sending a crafted payload to the REST endpoint at /servicesNS/nobody/search/admin/sourcetypes/ on the Splunk management ...

5.4CVSS6.5AI score0.00221EPSS
cve
cve
added 2026/06/10 5:16 p.m.43 views

CVE-2026-20258

This CVE concerns Stored XSS in Splunk Enterprise and Splunk Cloud Platform via a classic dashboard HTML panel. A low-privileged user (not admin/power roles) can store a malicious script that executes in another user’s browser, triggered by a phishing-like action to initiate a request. Affected v...

7.1CVSS5.7AI score0.00174EPSS
cve
cve
added 2025/10/01 4:8 p.m.40 views

CVE-2025-20371

CVE-2025-20371 affects Splunk Enterprise and Splunk Cloud Platform: unauthenticated SSRF that can cause REST API calls on behalf of an authenticated high-privilege user. Affected: Splunk Enterprise < 10.0.1; also versions 9.2.8–9.4.4; Splunk Cloud Platform < 9.3.2411.109, < 9.3.2408.119,

8.8CVSS6.5AI score0.00437EPSS
cve
cve
added 2025/07/07 5:47 p.m.38 views

CVE-2025-20320

CVE-2025-20320 affects Splunk Enterprise versions prior to 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions prior to 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121. A low-privilege user who should not have admin or power roles can craft a malicious payload via the User Interface ...

7.3CVSS6.6AI score0.00367EPSS
cve
cve
added 2025/07/07 5:48 p.m.35 views

CVE-2025-20325

Summary: CVE-2025-20325 affects Splunk Enterprise <9.4.3, <9.3.5, <9.2.7, <9.1.10 and Splunk Cloud Platform <9.3.2411.103, <9.3.2408.113,

5.3CVSS6.4AI score0.0031EPSS
cve
cve
added 2025/07/07 5:48 p.m.33 views

CVE-2025-20321

The CVE-2025-20321 issue affects Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.114, and 9.2.2406.119. It is a Cross-Site Request Forgery (CSRF) vulnerability that can change the membership state of a Splunk Search...

6.5CVSS6.5AI score0.00168EPSS
cve
cve
added 2026/06/10 5:16 p.m.33 views

CVE-2026-20255

The CVE-2026-20255 issue affects Splunk Enterprise (versions below 10.2.4, 10.0.7, 9.4.12, 9.3.13) and Splunk Cloud Platform (below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, 9.3.2411.132). A low-privilege user can craft a malicious classic dashboard to exfiltrate sensitive data to an external ser...

5.7CVSS5.5AI score0.00245EPSS
cve
cve
added 2025/07/07 5:47 p.m.31 views

CVE-2025-20300

The CVE-2025-20300 issue affects Splunk Enterprise (versions below 9.4.2, 9.3.5, 9.2.6, 9.1.9) and Splunk Cloud Platform (below 9.3.2411.103, 9.3.2408.112, 9.2.2406.119). A low-privileged user who does not hold admin/power roles and has read-only access to a specific alert could suppress that ale...

4.3CVSS6.5AI score0.0025EPSS
cve
cve
added 2026/05/20 4:32 p.m.31 views

CVE-2026-20239

CVE-2026-20239 affects Splunk products: Splunk Enterprise (versions below 10.2.2 and 10.0.5) and Splunk Cloud Platform (below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13). A user with access to the _internal index could view session cookies and response bodies containing sensitive d...

7.5CVSS5.8AI score0.00485EPSS
cve
cve
added 2025/07/07 5:48 p.m.29 views

CVE-2025-20322

CVE-2025-20322 affects Splunk Enterprise and Splunk Cloud Platform. An unauthenticated attacker can trigger a rolling restart of the Search Head Cluster via a crafted SPL search command exploited through CSRF, potentially causing DoS. The attack requires phishing a administrator-level user to ini...

4.3CVSS6.6AI score0.00186EPSS
cve
cve
added 2025/10/01 4:8 p.m.29 views

CVE-2025-20367

Affected software: Splunk Enterprise (versions below 9.4.4, 9.3.6, 9.2.8) and Splunk Cloud Platform (below 9.3.2411.109, 9.3.2408.119, 9.2.2406.122). Vulnerability: a low-privileged user can craft a malicious payload via the dataset.command parameter of the /app/search/table endpoint, resulting i...

5.7CVSS6.7AI score0.00335EPSS
Web
cve
cve
added 2026/03/11 4:18 p.m.29 views

CVE-2026-20164

CVE-2026-20164 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user not in admin/power roles can access the REST endpoint /splunkd/__raw/servicesNS/-/-/configs/conf-passwords, exposing hashed or plaintext passwords from passwords.conf due to improper access control. Impact i...

6.5CVSS5.8AI score0.00228EPSS
cve
cve
added 2026/04/15 3:17 p.m.29 views

CVE-2026-20202

The CVE-2026-20202 entry concerns Splunk Enterprise (versions < 10.2.2, < 10.0.5, < 9.4.10, < 9.3.11) and Splunk Cloud Platform (versions < 10.4.2603.0, < 10.3.2512.6, < 10.2.2510.10, < 10.1.2507.20, < 10.0.2503.13,

6.6CVSS5.8AI score0.00246EPSS
cve
cve
added 2026/06/10 5:15 p.m.27 views

CVE-2026-20254

The affected products are Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132. A low-privileged user (not admin/power) can craft a malicious classic dashboard that exfiltrates sens...

5.7CVSS5.5AI score0.00247EPSS
cve
cve
added 2026/05/20 4:32 p.m.26 views

CVE-2026-20240

CVE-2026-20240 affects Splunk Enterprise (versions below 10.2.2, 10.0.5, 9.4.11, 9.3.12) and Splunk Cloud Platform (below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, 9.3.2411.129). A low-privilege user (not admin/power) can trigger a Denial of Service by abusing the coldTo...

6.5CVSS5.9AI score0.00396EPSS
cve
cve
added 2026/06/10 5:16 p.m.26 views

CVE-2026-20259

CVE-2026-20259 affects Splunk Enterprise (below 10.2.4 and below 10.0.7) and Splunk Cloud Platform (below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, 9.3.2411.131). A user with the high-privilege capability edit_saved_search_owner can reassign saved search ownership to us...

5.5CVSS5.5AI score0.00189EPSS
cve
cve
added 2025/12/03 5:0 p.m.25 views

CVE-2025-20384

CVE-2025-20384 affects Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, 9.2.10 and Splunk Cloud Platform below 10.1.2507.4, 10.0.2503.6, 9.3.2411.117.125. An unauthenticated attacker can inject ANSI escape codes into Splunk log files via improper validation at the /en-US/static/ endpoint, p...

5.3CVSS6.6AI score0.00352EPSS
cve
cve
added 2026/03/11 4:18 p.m.25 views

CVE-2026-20166

CVE-2026-20166 affects Splunk Enterprise and Splunk Cloud Platform where a low-privilege user (not admin/power) could retrieve the Observability Cloud API access token via the Discover Splunk Observability Cloud app due to improper access control. Affected: Splunk Enterprise < 10.2.1 and < ...

5.4CVSS5.8AI score0.00154EPSS
cve
cve
added 2026/04/15 3:17 p.m.25 views

CVE-2026-20203

CVE-2026-20203 describes improper access control in Data Model Acceleration for Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127. A low-privilege user ...

4.3CVSS5.8AI score0.00152EPSS
cve
cve
added 2026/06/10 5:16 p.m.25 views

CVE-2026-20257

CVE-2026-20257 affects Splunk Enterprise (versions below 10.2.4, 10.0.7, 9.4.12, 9.3.13) and Splunk Cloud Platform (below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, 9.3.2411.132). A low-privileged user without admin/power roles can craft a classic dashboard that exfiltrates sensitive data from the...

5.7CVSS5.5AI score0.00198EPSS
cve
cve
added 2025/12/03 5:0 p.m.22 views

CVE-2025-20382

CVE-2025-20382 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user (not admin/power role) can create a views dashboard with a custom background via the data:image/png;base64 protocol, potentially causing an unvalidated redirect. This bypasses the external URL warning mechan...

5.4CVSS6.3AI score0.00198EPSS
cve
cve
added 2026/02/18 4:45 p.m.22 views

CVE-2026-20139

CVE-2026-20139 affects Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121. A low-privileged user (not admin/power) can craft a malicious payload into realname, tz, or email via the /spl...

4.3CVSS5.5AI score0.05145EPSS
Web
cve
cve
added 2025/10/01 4:8 p.m.20 views

CVE-2025-20368

CVE-2025-20368 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user (not admin/power roles) can craft a malicious payload via error messages and saved-search/job-inspector details, potentially causing unauthorized JavaScript execution in a user’s browser (XSS). Affected vers...

5.7CVSS6.5AI score0.00335EPSS
cve
cve
added 2025/11/12 5:23 p.m.20 views

CVE-2025-20379

CVE-2025-20379 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user (not admin/power) can run a saved search with a risky command by leveraging the permissions of a higher-privileged user to bypass SPL safeguards, specifically via the /services/streams/search endpoint and th...

3.5CVSS6.5AI score0.00276EPSS
Web
cve
cve
added 2025/12/03 5:0 p.m.20 views

CVE-2025-20383

CVE-2025-20383 affects Splunk Enterprise (below 10.0.2 and older 9.x branches) and the Splunk Secure Gateway app (below 3.7.28/3.8.58/3.9.10) in Splunk Cloud Platform. A low-privilege user with mobile push notifications enabled can see the title and description of reports/alerts they are not auth...

4.3CVSS6.2AI score0.00271EPSS
cve
cve
added 2026/06/10 5:15 p.m.20 views

CVE-2026-20256

Splunk Enterprise (versions < 10.2.4, 10.0.7, 9.4.12, 9.3.13) and Splunk Cloud Platform (versions

5.7CVSS5.4AI score0.00252EPSS
cve
cve
added 2026/02/18 4:45 p.m.19 views

CVE-2026-20137

CVE-2026-20137 affects Splunk Enterprise (multiple legacy branches) and Splunk Cloud Platform. A low-privilege user lacking admin/power roles can bypass SPL safeguards for risky commands when creating a Data Model containing an injected SPL query within an object, by exploiting a path traversal v...

5.7CVSS5.5AI score0.00222EPSS
cve
cve
added 2026/02/18 4:45 p.m.19 views

CVE-2026-20144

CVE-2026-20144 affects Splunk Enterprise (and Cloud Platform variants) where a user with access to the _internal index on a Search Head Cluster could view SAML configurations (AQRs or Authentication extensions) in plain text in the conf.log. Affected are Splunk Enterprise versions below 10.2.0, 1...

6.8CVSS5.5AI score0.00363EPSS
cve
cve
added 2025/10/01 4:7 p.m.18 views

CVE-2025-20370

Summary (CVE-2025-20370) : Splunk Enterprise releases older than 10.0.1 and certain 9.x versions, plus Splunk Cloud Platform releases below specific 9.3.24xx/9.2.24xx builds, are affected. A user with the high-privilege capability change_authentication can send multiple LDAP bind requests to an i...

4.9CVSS6.1AI score0.00525EPSS
cve
cve
added 2025/12/03 5:0 p.m.18 views

CVE-2025-20385

CVE-2025-20385 affects Splunk Enterprise below 10.0.2, 9.4.6, 9.3.8, 9.2.10 and Splunk Cloud Platform below 10.1.2507.6, 10.0.2503.7, 9.3.2411.117. A high-privilege user (admin_all_objects) can craft a malicious payload via the href attribute of an anchor tag in a navigation bar collection, resul...

4.8CVSS6.6AI score0.00241EPSS
cve
cve
added 2025/12/03 5:0 p.m.18 views

CVE-2025-20389

CVE-2025-20389 affects Splunk Enterprise and the Splunk Secure Gateway app. A low-privilege user (not admin/power) can craft a malicious payload via the label column after adding a new device in Splunk Secure Gateway, potentially causing a client-side DoS. Affected versions: Splunk Enterprise &lt...

6.5CVSS6.2AI score0.00371EPSS
Total number of security vulnerabilities106