Splunk Security Vulnerabilities and Issues — Splunk CVE List

Lucene search

SplunkSplunk

9 matches found

CVE•added 2017/04/10 3:59 p.m.•70 views

CVE-2017-5607

Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 assigns the $C JS property to the global Window namespace, which might allow remote attackers to obta...

3.5CVSS3.9AI score0.09035EPSS

CVE•added 2017/02/04 5:59 a.m.•52 views

CVE-2017-5880

Splunk Web in Splunk Enterprise versions 6.5.x before 6.5.2, 6.4.x before 6.4.5, 6.3.x before 6.3.9, 6.2.x before 6.2.13, 6.1.x before 6.1.12, 6.0.x before 6.0.13, 5.0.x before 5.0.17 and Splunk Light versions before 6.5.2 allows remote authenticated users to cause a denial of service (daemon crash...

6.5CVSS6.1AI score0.00558EPSS

CVE•added 2017/05/12 6:29 p.m.•50 views

CVE-2016-4858

Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light p...

4.8CVSS5.6AI score0.00176EPSS

CVE•added 2017/11/30 2:29 a.m.•50 views

CVE-2017-17067

Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks.

10CVSS9.4AI score0.03341EPSS

CVE•added 2017/08/05 9:29 p.m.•47 views

CVE-2017-12572

Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrative access, aka SPL-134104.

4.8CVSS4.9AI score0.0026EPSS

CVE•added 2017/05/12 6:29 p.m.•46 views

CVE-2016-4859

Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to...

6.1CVSS6.1AI score0.00321EPSS

CVE•added 2017/05/12 6:29 p.m.•45 views

CVE-2016-4857

Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

6.1CVSS6.2AI score0.00173EPSS

CVE•added 2017/05/12 6:29 p.m.•41 views

CVE-2016-4856

Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.

4.8CVSS4.8AI score0.00304EPSS

CVE•added 2017/01/10 11:59 a.m.•38 views

CVE-2016-10126

Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via unspeci...

10CVSS9.3AI score0.01373EPSS