Lucene search
K
SplunkSplunk Cloud Platform*

39 matches found

CVE
CVE
added 2023/06/01 4:34 p.m.269 views

CVE-2023-32707

Summary of CVE-2023-32707 : Affected Splunk products include Splunk Enterprise < 9.0.5, 8.2.11, and 8.1.14 and Splunk Cloud Platform

8.8CVSS8.6AI score0.73537EPSS
Web
CVE
CVE
added 2023/08/30 4:19 p.m.202 views

CVE-2023-40598

CVE-2023-40598 affects Splunk Enterprise prior to 8.2.12, 9.0.6, and 9.1.1. The issue allows an attacker to create an external lookup that calls a legacy internal function, enabling insertion of code into the Splunk installation directory and resulting in arbitrary code execution on the platform ...

8.8CVSS8.8AI score0.00598EPSS
CVE
CVE
added 2023/06/01 4:34 p.m.197 views

CVE-2023-32708

Summary of CVE-2023-32708 (Splunk): A HTTP response splitting vulnerability can be triggered by the REST command via the rest SPL, allowing a low-privileged user to potentially access other REST endpoints. Affected products/versions are: Splunk Enterprise < 9.0.5, < 8.2.11, and < 8.1.14,...

8.8CVSS7.9AI score0.00749EPSS
CVE
CVE
added 2023/02/14 5:24 p.m.188 views

CVE-2023-22938

CVE-2023-22938 affects Splunk Enterprise: in versions below 8.1.13, 8.2.10, and 9.0.4, the sendemail REST API endpoint allows any authenticated user to send an email as the Splunk instance. The root cause is improper permission validation on the endpoint, enabling unauthorized mail actions. The v...

4.3CVSS4.5AI score0.00359EPSS
CVE
CVE
added 2023/02/14 5:22 p.m.171 views

CVE-2023-22941

CVE-2023-22941 affects Splunk Enterprise: versions prior to 8.1.13, 8.2.10, and 9.0.4 are vulnerable due to an improperly formatted INGEST_EVAL parameter in a Field Transformation, which can crash the splunkd daemon. The issue is rooted in input parsing of INGEST_EVAL/INGEST EVAL and has the pote...

7.5CVSS6.9AI score0.01028EPSS
CVE
CVE
added 2023/02/14 5:22 p.m.170 views

CVE-2023-22933

CVE-2023-22933 affects Splunk Enterprise: versions prior to 8.1.13, 8.2.10, and 9.0.4 expose a Cross-Site Scripting (XSS) vulnerability in an XML View via the layoutPanel attribute on the module tag. The issue arises in Splunk Web-enabled deployments and could allow client-side code execution. Re...

8CVSS6.1AI score0.0082EPSS
CVE
CVE
added 2023/06/01 4:34 p.m.170 views

CVE-2023-32706

Summary: CVE-2023-32706 affects Splunk Enterprise versions prior to 9.0.5, 8.2.11, and 8.1.14. An unauthenticated attacker can send specially crafted messages to the XML parser in SAML authentication, triggering a Denial of Service (DoS) in the Splunk daemon. What’s affected: Splunk Enterprise on...

7.7CVSS6.7AI score0.00602EPSS
CVE
CVE
added 2023/02/14 5:22 p.m.169 views

CVE-2023-22936

The CVE-2023-22936 issue affects Splunk Enterprise: versions prior to 8.1.13, 8.2.10, and 9.0.4 are vulnerable via the search_listener parameter in a search, enabling a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot observe the response unle...

6.3CVSS6.3AI score0.00376EPSS
CVE
CVE
added 2023/06/01 4:34 p.m.161 views

CVE-2023-32716

The CVE-2023-32716 issue affects Splunk Enterprise and Splunk Cloud Platform where the vulnerable code path is the {{dump}} SPL command. Affected are Splunk Enterprise versions prior to 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions prior to 9.0.2303.100. Exploitation can cause a d...

6.5CVSS6.4AI score0.00624EPSS
CVE
CVE
added 2023/02/14 5:22 p.m.160 views

CVE-2023-22934

Splunk Enterprise is affected in versions prior to 8.1.13, 8.2.10, and 9.0.4. The vulnerability stems from the pivot SPL command bypassing safeguards for risky commands when used with a saved search job, requiring an authenticated user to craft the saved job and a higher-privileged user to initia...

8CVSS7.5AI score0.01121EPSS
CVE
CVE
added 2023/02/14 5:24 p.m.160 views

CVE-2023-22939

The CVE-2023-22939 vulnerability affects Splunk Enterprise versions prior to 8.1.13, 8.2.10, and 9.0.4. It involves the map SPL command that lets a search bypass safeguards for risky commands, requiring a higher-privileged user to initiate a request from a user’s browser and only impacting instan...

8.8CVSS8.2AI score0.00587EPSS
CVE
CVE
added 2023/06/01 4:34 p.m.158 views

CVE-2023-32710

Summary: CVE-2023-32710 affects Splunk Enterprise versions prior to 9.0.5, 8.2.11, 8.1.14 and Splunk Cloud Platform prior to 9.0.2303.100. A low-privileged user can transfer data from a recently run search by using the copyresults command if they know the search ID (SID). Impact: Potential unauth...

5.3CVSS5.2AI score0.00436EPSS
CVE
CVE
added 2023/02/14 5:22 p.m.157 views

CVE-2023-22932

CVE-2023-22932 affects Splunk Enterprise 9.0 versions before 9.0.4 with Splunk Web enabled. A View can trigger Cross‑Site Scripting via the error message in a Base64‑encoded image. Affected: Splunk Enterprise 9.0.0–9.0.3. Remediation: upgrade to 9.0.4 or later; as a temporary workaround, disable ...

8.7CVSS6.4AI score0.00398EPSS
CVE
CVE
added 2023/02/14 5:22 p.m.157 views

CVE-2023-22935

CVE-2023-22935 affects Splunk Enterprise versions prior to 8.1.13, 8.2.10, and 9.0.4. The vulnerability is caused by the display.page.search.patterns.sensitivity parameter which lets a user bypass SPL safeguards for risky commands. It requires a higher-privileged user to initiate a request from t...

8.8CVSS8.3AI score0.00613EPSS
CVE
CVE
added 2023/02/14 5:22 p.m.157 views

CVE-2023-22940

The CVE-2023-22940 issue affects Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4. The root cause is that aliases of the collect SPL command (including summaryindex, sumindex, stash, mcollect, and meventcollect) were not designated as safeguarded commands, potentially allowing data to b...

6.3CVSS5.8AI score0.00429EPSS
CVE
CVE
added 2023/02/14 5:24 p.m.154 views

CVE-2023-22937

CVE-2023-22937 affects Splunk Enterprise: versions below 8.1.13, 8.2.10, and 9.0.4 allow the lookup table upload feature to accept lookup tables with arbitrary filename extensions; only .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl are permitted. This is a validation/enforcement issue in the upl...

4.3CVSS4.7AI score0.00414EPSS
CVE
CVE
added 2023/02/14 5:22 p.m.152 views

CVE-2023-22931

Splunk Enterprise before versions 8.1.13 and 8.2.10 are affected by CVE-2023-22931 due to the createrss external search command overwriting RSS feeds without permission checks. The root cause is the use of a deprecated feature that has been disabled by default, but remains exploitable in older bu...

4.3CVSS4.8AI score0.00362EPSS
CVE
CVE
added 2023/06/01 4:34 p.m.151 views

CVE-2023-32717

Summary: CVE-2023-32717 affects Splunk Enterprise and Splunk Cloud Platform. An unauthorized user can access the REST endpoint /services/indexing/preview to overwrite search results if they know the SID of an existing search job. The issue is rooted in RBAC/endpoint handling for that path. Affect...

4.3CVSS4.5AI score0.00362EPSS
Web
CVE
CVE
added 2023/06/01 4:34 p.m.146 views

CVE-2023-32709

Summary (CVE-2023-32709) : Affects Splunk Enterprise <9.0.5, <8.2.11, <8.1.14 and Splunk Cloud Platform

4.3CVSS4.9AI score0.00391EPSS
CVE
CVE
added 2022/11/03 10:56 p.m.109 views

CVE-2022-43571

CVE-2022-43571 affects Splunk Enterprise prior to versions 8.2.9, 8.1.12, and 9.0.2. An authenticated user can trigger arbitrary code execution via the dashboard PDF generation component (SimpleXML dashboards) due to code injection in styling parameters used during PDF export. Exploitation is dem...

8.8CVSS8.9AI score0.14314EPSS
Web
CVE
CVE
added 2022/06/15 4:46 p.m.85 views

CVE-2022-32151

CVE-2022-32151 affects Splunk Enterprise before version 9.0 and Splunk Cloud Platform before 8.2.2203. Root cause: the httplib and urllib Python libraries shipped with Splunk did not validate certificates using CA certificate stores by default. Impact: servers may be vulnerable where certificate ...

9.1CVSS8.5AI score0.00743EPSS
CVE
CVE
added 2024/10/14 5:3 p.m.84 views

CVE-2024-45740

CVE-2024-45740 affects Splunk Enterprise <9.2.3/9.1.6 and Splunk Cloud Platform

5.4CVSS5.6AI score0.00355EPSS
CVE
CVE
added 2022/11/04 10:23 p.m.83 views

CVE-2022-43572

Summary: CVE-2022-43572 affects Splunk Enterprise where a malformed file sent via the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer can cause a blockage/denial-of-service that prevents indexing. Affected versions (per sources): Splunk Enterprise below 8.2.9, below 8...

7.5CVSS6.5AI score0.00766EPSS
CVE
CVE
added 2022/06/15 4:49 p.m.81 views

CVE-2022-32155

CVE-2022-32155 concerns Splunk Universal Forwarder management services. The issue described in the sources is that versions before 9.0 expose management services remotely by default, creating a potential exposure rather than a technical vulnerability. Splunk 9.0 binds the management port to local...

7.5CVSS7.4AI score0.01799EPSS
CVE
CVE
added 2022/11/04 10:19 p.m.80 views

CVE-2022-43562

CVE-2022-43562 | Splunk Enterprise : The issue is a Host header validation/escaping flaw in Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2. A remote authenticated user could exploit this to perform attacks such as cross-site scripting and cache poisoning. Root cause is improper handlin...

5.4CVSS4.3AI score0.00412EPSS
CVE
CVE
added 2022/11/04 10:22 p.m.80 views

CVE-2022-43568

Splunk Enterprise is affected by CVE-2022-43568. The vulnerability is a Reflected Cross-Site Scripting flaw in a View when output_mode=radio, triggered by JSON in a query parameter. Affected versions are Splunk Enterprise below 8.1.12, below 8.2.9, and below 9.0.2. Documented impact indicates hig...

8.8CVSS6.8AI score0.42801EPSS
CVE
CVE
added 2022/11/04 10:21 p.m.79 views

CVE-2022-43567

Splunk Enterprise: vulnerability CVE-2022-43567 affects the Mobile Alerts feature of the Splunk Secure Gateway app. An authenticated user could remotely execute arbitrary OS commands via specially crafted requests. Affected versions are Splunk Enterprise < 8.2.9, < 8.1.12, and

8.8CVSS8.8AI score0.01194EPSS
CVE
CVE
added 2024/10/14 5:3 p.m.79 views

CVE-2024-45732

CVE-2024-45732 affects Splunk Enterprise versions prior to 9.3.1 and 9.2.0 prior to 9.2.3, plus Splunk Cloud Platform prior to 9.2.2403.103, including 9.1.2312.200/9.1.2312.110/9.1.2308.208. Description: a low-privileged user without admin or power roles could run a search as the nobody user with...

7.1CVSS6.6AI score0.00397EPSS
CVE
CVE
added 2022/06/15 4:48 p.m.75 views

CVE-2022-32153

CVE-2022-32153 affects Splunk Enterprise prior to 9.0 and Splunk Cloud Platform prior to 8.2.2203, where TLS hostname validation was not performed by default for Splunk-to-Splunk communications. This allowed a scenario where an attacker with administrator credentials could add a peer with an inva...

8.1CVSS8.1AI score0.00852EPSS
CVE
CVE
added 2022/11/04 10:20 p.m.73 views

CVE-2022-43565

CVE-2022-43565 (Splunk Enterprise) : Affects Splunk Enterprise versions prior to 8.2.9 and prior to 8.1.12. Root cause: the tstats command’s handling of JSON can bypass SPL safeguards for risky commands, enabling manipulation if a user is phished into initiating a request in their browser. Exploi...

8.8CVSS8.6AI score0.00595EPSS
CVE
CVE
added 2022/11/04 10:22 p.m.73 views

CVE-2022-43570

CVE-2022-43570 affects Splunk Enterprise prior to 8.1.12, 8.2.9, and 9.0.2. An authenticated user can perform an XML External Entity (XXE) injection via a custom View, causing Splunk Web to embed incorrect documents into an error page. Root cause: XXE vulnerability in the handling of XML in custo...

8.8CVSS7.1AI score0.00656EPSS
CVE
CVE
added 2022/06/15 4:46 p.m.72 views

CVE-2022-32152

CVE-2022-32152 affects Splunk Enterprise and Splunk Cloud Platform where TLS host name validation for Splunk-to-Splunk communications was not enforced by default in versions before 9.0 (Splunk Enterprise) and before 8.2.2203 (Splunk Cloud). The issue allowed an administrator to add a peer with an...

8.1CVSS7.3AI score0.00851EPSS
CVE
CVE
added 2022/06/15 4:48 p.m.72 views

CVE-2022-32154

Splunk Enterprise before 9.0 is affected by CVE-2022-32154 in its dashboards: an attacker could inject risky search commands into a form token used in a cross-origin query, bypassing SPL safeguards for risky commands. The issue is browser-based; exploitation depends on the attacker delivering a f...

8.1CVSS7.3AI score0.01271EPSS
CVE
CVE
added 2022/11/03 10:6 p.m.69 views

CVE-2022-43561

CVE-2022-43561 affects Splunk Enterprise: versions prior to 8.1.12, 8.2.9, and 9.0.2. A remote user with the “power” role can store arbitrary scripts via the Save Table feature, enabling persistent cross-site scripting (XSS) on Splunk Web-enabled instances. The underlying vulnerability allows inj...

6.4CVSS5.3AI score0.00634EPSS
CVE
CVE
added 2022/11/04 10:19 p.m.69 views

CVE-2022-43563

Splunk Enterprise is affected in versions before 8.2.9 and 8.1.12 due to how the rex search command handles field names, which can bypass SPL safeguards for risky commands. The attack requires phishing the victim into initiating a request in their browser; it is not exploitable at will. The issue...

8.8CVSS8.6AI score0.00595EPSS
CVE
CVE
added 2022/11/04 10:21 p.m.68 views

CVE-2022-43566

CVE-2022-43566 affects Splunk Enterprise: versions prior to 8.2.9, 8.1.12, and 9.0.2 allow an authenticated user to execute risky commands using a more privileged user’s permissions to bypass SPL safeguards in Analytics Workspace. The attack requires phishing the victim into initiating a request ...

8CVSS7.4AI score0.00778EPSS
CVE
CVE
added 2024/10/14 4:45 p.m.67 views

CVE-2024-45735

Summary (CVE-2024-45735) : Splunk Enterprise versions before 9.2.3 and 9.1.6, and Splunk Secure Gateway on Splunk Cloud Platform versions before 3.4.259, 3.6.17, or 3.7.0 allow a low-privileged user (not admin/power) to view App Key Value Store (KV Store) deployment configuration and public/priva...

4.3CVSS4.5AI score0.00349EPSS
CVE
CVE
added 2022/11/04 10:20 p.m.64 views

CVE-2022-43564

CVE-2022-43564 affects Splunk Enterprise. A remote user who can create search macros and schedule search reports can trigger a denial of service by submitting specially crafted search macros in versions before 8.1.12, 8.2.9, or 9.0.2. The issue’s described impact is DoS; no other exploitation or ...

6.5CVSS5.7AI score0.00794EPSS
CVE
CVE
added 2022/11/04 10:22 p.m.62 views

CVE-2022-43569

CVE-2022-43569 affects Splunk Enterprise versions prior to 8.1.12, 8.2.9, and 9.0.2. An authenticated user can inject and store arbitrary scripts resulting in persistent cross-site scripting (XSS) in the object name of a Data Model. Remediation per sources: upgrade to 8.1.12 or later, 8.2.9 or la...

8CVSS5.8AI score0.007EPSS