Splunk@4.1.2 Security Vulnerabilities and Issues — Splunk@4.1.2 CVE List

Lucene search

SplunkSplunk4.1.2

6 matches found

CVE•added 2010/06/24 12:17 p.m.•46 views

CVE-2010-2429

Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a "404 Not Found" response.

4.3CVSS5.7AI score0.00277EPSS

CVE•added 2010/09/14 5:0 p.m.•46 views

CVE-2010-3323

Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKD_SESSION_KEY parameter.

4.6CVSS8.3AI score0.00391EPSS

CVE•added 2012/08/17 12:55 a.m.•43 views

CVE-2012-1908

Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3CVSS5.8AI score0.00263EPSS

CVE•added 2013/11/25 7:55 p.m.•39 views

CVE-2013-6870

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.00322EPSS

CVE•added 2012/01/03 11:55 a.m.•38 views

CVE-2011-4643

Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files via a .. (dot dot) in a URI to (1) Splunk Web or (2) the Splunkd HTTP Server, aka SPL-45243.

4CVSS6.6AI score0.15995EPSS

CVE•added 2012/01/03 11:55 a.m.•38 views

CVE-2011-4644

Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to...

9.3CVSS7.3AI score0.06656EPSS