Splunk@4.0.7 Security Vulnerabilities and Issues — Splunk@4.0.7 CVE List

Lucene search

SplunkSplunk4.0.7

9 matches found

CVE•added 2010/06/24 12:17 p.m.•46 views

CVE-2010-2429

Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a "404 Not Found" response.

4.3CVSS5.7AI score0.00277EPSS

CVE•added 2010/09/14 5:0 p.m.•46 views

CVE-2010-3323

Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKD_SESSION_KEY parameter.

4.6CVSS8.3AI score0.00391EPSS

CVE•added 2010/06/28 6:30 p.m.•45 views

CVE-2010-2503

Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) redirects, aka SPL-31067; (2) unspecified "user->user or user->admin" vectors, aka SPL-31084; or (3) unspecified "user i...

4.3CVSS5.9AI score0.00263EPSS

CVE•added 2012/08/17 12:55 a.m.•43 views

CVE-2012-1908

Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3CVSS5.8AI score0.00263EPSS

CVE•added 2010/06/28 6:30 p.m.•40 views

CVE-2010-2502

Multiple directory traversal vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow (1) remote attackers to read arbitrary files, aka SPL-31194; (2) remote authenticated users to modify arbitrary files, aka SPL-31063; or (3) have an unknown impact via redirects, aka SPL-31067.

7.5CVSS6.8AI score0.00255EPSS

CVE•added 2013/11/25 7:55 p.m.•39 views

CVE-2013-6870

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.00322EPSS

CVE•added 2012/01/03 11:55 a.m.•38 views

CVE-2011-4643

Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files via a .. (dot dot) in a URI to (1) Splunk Web or (2) the Splunkd HTTP Server, aka SPL-45243.

4CVSS6.6AI score0.15995EPSS

CVE•added 2012/01/03 11:55 a.m.•38 views

CVE-2011-4644

Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to...

9.3CVSS7.3AI score0.06656EPSS

CVE•added 2010/06/28 6:30 p.m.•36 views

CVE-2010-2504

Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066.

6CVSS6AI score0.00366EPSS