Splunk@6.1.1 Security Vulnerabilities and Issues — Splunk@6.1.1 CVE List

Lucene search

SplunkSplunk6.1.1

11 matches found

CVE•added 2014/10/21 3:55 p.m.•89 views

CVE-2014-8380

Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response. NOTE: this vulnerability might exist because of a CVE-2010-2429 regression.

4.3CVSS5.6AI score0.03324EPSS

CVE•added 2017/02/04 5:59 a.m.•52 views

CVE-2017-5880

Splunk Web in Splunk Enterprise versions 6.5.x before 6.5.2, 6.4.x before 6.4.5, 6.3.x before 6.3.9, 6.2.x before 6.2.13, 6.1.x before 6.1.12, 6.0.x before 6.0.13, 5.0.x before 5.0.17 and Splunk Light versions before 6.5.2 allows remote authenticated users to cause a denial of service (daemon crash...

6.5CVSS6.1AI score0.00558EPSS

CVE•added 2017/05/12 6:29 p.m.•50 views

CVE-2016-4858

Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light p...

4.8CVSS5.6AI score0.00176EPSS

CVE•added 2014/08/12 8:55 p.m.•46 views

CVE-2014-5197

Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URI, related to search ids.

4CVSS6.4AI score0.00629EPSS

CVE•added 2017/05/12 6:29 p.m.•46 views

CVE-2016-4859

Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to...

6.1CVSS6.1AI score0.00321EPSS

CVE•added 2014/12/16 6:59 p.m.•44 views

CVE-2014-5466

Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.7, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.00263EPSS

CVE•added 2014/10/16 7:55 p.m.•44 views

CVE-2014-8302

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.6, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via vectors related to dashboard.

3.5CVSS5.8AI score0.00185EPSS

CVE•added 2014/10/16 7:55 p.m.•40 views

CVE-2014-8303

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4 and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to event parsing.

4.3CVSS5.7AI score0.00263EPSS

CVE•added 2014/08/12 8:55 p.m.•38 views

CVE-2014-5198

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.3 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.

4.3CVSS5.8AI score0.00296EPSS

CVE•added 2017/01/10 11:59 a.m.•38 views

CVE-2016-10126

Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via unspeci...

10CVSS9.3AI score0.01443EPSS

CVE•added 2015/08/18 3:59 p.m.•34 views

CVE-2015-6515

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.4, 6.1.x before 6.1.8, 6.0.x before 6.0.9, and 5.0.x before 5.0.13 and Splunk Light 6.2.x before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via a header.

4.3CVSS5.8AI score0.00263EPSS