Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
SplunkSplunk Cloud Platform*

69 matches found

CVE
CVEadded 2023/06/01 5:15 p.m.231 views

CVE-2023-32707

In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted we...

8.8CVSS8.6AI score0.82474EPSS
CVE
CVEadded 2023/08/30 5:15 p.m.180 views

CVE-2023-40598

In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on...

8.8CVSS8.8AI score0.00084EPSS
CVE
CVEadded 2023/02/14 6:15 p.m.171 views

CVE-2023-22938

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance.

4.3CVSS4.5AI score0.00111EPSS
CVE
CVEadded 2023/06/01 5:15 p.m.170 views

CVE-2023-32708

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the ‘rest’ SPL command that lets them potentially access other REST endpoints in the system arbitrari...

8.8CVSS7.9AI score0.00157EPSS
CVE
CVEadded 2023/02/14 6:15 p.m.156 views

CVE-2023-22936

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within ...

6.3CVSS6.3AI score0.00089EPSS
CVE
CVEadded 2023/08/30 5:15 p.m.155 views

CVE-2023-40592

In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk...

8.4CVSS6.9AI score0.00272EPSS
CVE
CVEadded 2023/02/14 6:15 p.m.151 views

CVE-2023-22941

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd).

7.5CVSS6.9AI score0.00328EPSS
CVE
CVEadded 2023/06/01 5:15 p.m.151 views

CVE-2023-32706

On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon.

7.7CVSS6.7AI score0.00165EPSS
CVE
CVEadded 2023/02/14 6:15 p.m.150 views

CVE-2023-22933

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag’.

8CVSS6.1AI score0.00515EPSS
CVE
CVEadded 2023/08/30 5:15 p.m.150 views

CVE-2023-40595

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code.

8.8CVSS8.9AI score0.00429EPSS
CVE
CVEadded 2023/02/14 6:15 p.m.145 views

CVE-2023-22934

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user t...

8CVSS7.5AI score0.00076EPSS
CVE
CVEadded 2023/02/14 6:15 p.m.145 views

CVE-2023-22939

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Sp...

8.8CVSS8.2AI score0.00068EPSS
CVE
CVEadded 2023/08/30 5:15 p.m.145 views

CVE-2023-40597

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.

8.8CVSS8.6AI score0.00054EPSS
CVE
CVEadded 2023/02/14 6:15 p.m.143 views

CVE-2023-22932

In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0.

8.7CVSS6.4AI score0.0043EPSS
CVE
CVEadded 2023/02/14 6:15 p.m.143 views

CVE-2023-22935

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects inst...

8.8CVSS8.3AI score0.00098EPSS
CVE
CVEadded 2023/06/01 5:15 p.m.142 views

CVE-2023-32710

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recentl...

5.3CVSS5.2AI score0.00215EPSS
CVE
CVEadded 2023/06/01 5:15 p.m.141 views

CVE-2023-32716

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the {{dump}} SPL command to cause a denial of service by crashing the Splunk daemon.

6.5CVSS6.4AI score0.0016EPSS
CVE
CVEadded 2023/02/14 6:15 p.m.139 views

CVE-2023-22940

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the...

6.3CVSS5.8AI score0.00167EPSS
CVE
CVEadded 2023/02/14 6:15 p.m.137 views

CVE-2023-22937

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl.

4.3CVSS4.7AI score0.00189EPSS
CVE
CVEadded 2023/06/01 5:15 p.m.136 views

CVE-2023-32717

On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job.

4.3CVSS4.5AI score0.00091EPSS
CVE
CVEadded 2023/02/14 6:15 p.m.133 views

CVE-2023-22931

In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default.

4.3CVSS4.8AI score0.00069EPSS
CVE
CVEadded 2023/06/01 5:15 p.m.133 views

CVE-2023-32709

In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ...

4.3CVSS4.9AI score0.00125EPSS
CVE
CVEadded 2023/08/30 5:15 p.m.131 views

CVE-2023-40594

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the printf SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance.

7.5CVSS6.8AI score0.00114EPSS
CVE
CVEadded 2023/08/30 5:15 p.m.130 views

CVE-2023-40593

In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the /saml/acs REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon.

7.5CVSS6.8AI score0.00126EPSS
CVE
CVEadded 2024/12/10 6:15 p.m.94 views

CVE-2024-53246

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, such ...

7.5CVSS5.4AI score0.0004EPSS
CVE
CVEadded 2022/11/03 11:15 p.m.92 views

CVE-2022-43571

In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component.

8.8CVSS8.9AI score0.26351EPSS
CVE
CVEadded 2024/07/01 5:15 p.m.90 views

CVE-2024-36983

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code in...

8.8CVSS8AI score0.00216EPSS
CVE
CVEadded 2024/10/14 5:15 p.m.86 views

CVE-2024-45741

In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" parameter ...

5.4CVSS5.6AI score0.00139EPSS
CVE
CVEadded 2025/03/26 10:15 p.m.81 views

CVE-2025-20229

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file u...

8CVSS7.9AI score0.001EPSS
CVE
CVEadded 2024/07/01 5:15 p.m.73 views

CVE-2024-36994

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View and Splunk Web Bulletin Messages that could re...

5.4CVSS5.6AI score0.00268EPSS
CVE
CVEadded 2024/07/01 5:15 p.m.72 views

CVE-2024-36995

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items.

5.4CVSS4.7AI score0.0007EPSS
CVE
CVEadded 2022/06/15 5:15 p.m.71 views

CVE-2022-32151

The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries ...

9.1CVSS8.5AI score0.00277EPSS
CVE
CVEadded 2022/11/04 11:15 p.m.71 views

CVE-2022-43572

In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing.

7.5CVSS6.5AI score0.00364EPSS
CVE
CVEadded 2024/12/10 6:15 p.m.71 views

CVE-2024-53245

In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard n...

4.3CVSS3.9AI score0.00059EPSS
CVE
CVEadded 2025/03/26 10:15 p.m.71 views

CVE-2025-20232

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208 and 9.1.2308.212, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command us...

5.7CVSS7.2AI score0.00029EPSS
CVE
CVEadded 2024/07/01 5:15 p.m.70 views

CVE-2024-36990

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST request to the datamodel/web REST endpoint in Splunk ...

6.5CVSS6.4AI score0.00259EPSS
CVE
CVEadded 2024/07/01 5:15 p.m.70 views

CVE-2024-36992

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized...

5.4CVSS5.4AI score0.00196EPSS
CVE
CVEadded 2024/07/01 5:15 p.m.69 views

CVE-2024-36993

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in e...

5.4CVSS5.6AI score0.00292EPSS
CVE
CVEadded 2022/11/04 11:15 p.m.67 views

CVE-2022-43567

In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.

8.8CVSS8.8AI score0.00622EPSS
CVE
CVEadded 2024/10/14 5:15 p.m.67 views

CVE-2024-45732

In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a search as the "nobody" Splunk user ...

7.1CVSS6.6AI score0.00029EPSS
CVE
CVEadded 2022/11/04 11:15 p.m.66 views

CVE-2022-43568

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View allows for a Reflected Cross Site Scripting via JavaScript Object Notation (JSON) in a query parameter when output_mode=radio.

8.8CVSS6.8AI score0.30975EPSS
CVE
CVEadded 2024/10/14 5:15 p.m.65 views

CVE-2024-45740

In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript code ...

5.4CVSS5.6AI score0.00077EPSS
CVE
CVEadded 2022/06/15 5:15 p.m.64 views

CVE-2022-32155

In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the uni...

7.5CVSS7.4AI score0.00432EPSS
CVE
CVEadded 2022/11/04 11:15 p.m.63 views

CVE-2022-43562

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning.

5.4CVSS4.3AI score0.0012EPSS
CVE
CVEadded 2025/03/26 10:15 p.m.62 views

CVE-2025-20228

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-...

6.5CVSS7.2AI score0.00022EPSS
CVE
CVEadded 2024/07/01 5:15 p.m.60 views

CVE-2024-36997

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a p...

8.1CVSS7.4AI score0.00234EPSS
CVE
CVEadded 2022/11/04 11:15 p.m.58 views

CVE-2022-43570

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error.

8.8CVSS7.1AI score0.00167EPSS
CVE
CVEadded 2022/06/15 5:15 p.m.57 views

CVE-2022-32154

Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and poten...

8.1CVSS7.3AI score0.00248EPSS
CVE
CVEadded 2022/11/04 11:15 p.m.57 views

CVE-2022-43565

In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the...

8.8CVSS8.6AI score0.00055EPSS
CVE
CVEadded 2024/12/10 6:15 p.m.57 views

CVE-2024-53244

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using the permissions of a hi...

5.7CVSS5.8AI score0.00063EPSS
Total number of security vulnerabilities69