Splunk Security Vulnerabilities and Issues — Splunk CVE List

Lucene search

SplunkSplunk

4 matches found

CVE•added 2014/08/07 11:13 a.m.•53 views

CVE-2013-6771

Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the file parameter. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7394 is for the issue in the "runshellscr...

9.3CVSS7.5AI score0.04064EPSS

CVE•added 2014/08/12 8:55 p.m.•46 views

CVE-2014-5197

Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URI, related to search ids.

4CVSS6.4AI score0.00629EPSS

CVE•added 2014/08/07 11:13 a.m.•40 views

CVE-2013-7394

The "runshellscript echo.sh" script in Splunk before 5.0.5 allows remote authenticated users to execute arbitrary commands via a crafted string. NOTE: this issue was SPLIT from CVE-2013-6771 per ADT2 due to different vulnerability types.

9CVSS7.1AI score0.04064EPSS

CVE•added 2014/08/12 8:55 p.m.•38 views

CVE-2014-5198

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.3 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.

4.3CVSS5.8AI score0.00296EPSS