Vulnerabilities (CVE)

Filtered by vendor Splunk Subscribe
Filtered by product Splunk
Total 54 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-26889 1 Splunk 1 Splunk 2022-05-17 7.5 HIGH 9.8 CRITICAL
The lack of sanitization in a relative url path in a search parameter allows for arbitrary injection of external content in Splunk Enterprise versions before 8.1.2.
CVE-2021-42743 2 Microsoft, Splunk 2 Windows, Splunk 2022-05-17 4.6 MEDIUM 7.8 HIGH
A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows.
CVE-2021-26253 1 Splunk 1 Splunk 2022-05-17 6.8 MEDIUM 8.1 HIGH
A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or affect a DUO product or service.
CVE-2022-26070 1 Splunk 1 Splunk 2022-05-17 4.0 MEDIUM 4.3 MEDIUM
When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0.
CVE-2021-33845 1 Splunk 1 Splunk 2022-05-17 5.0 MEDIUM 5.3 MEDIUM
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors.
CVE-2021-31559 1 Splunk 1 Splunk 2022-05-17 5.0 MEDIUM 7.5 HIGH
A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders.
CVE-2022-27183 1 Splunk 1 Splunk 2022-05-14 4.3 MEDIUM 6.1 MEDIUM
The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on SplunkBase, and not installed on Splunk Cloud Platform instances. Note that the Cloud Monitoring Console is not impacted.
CVE-2021-3422 1 Splunk 1 Splunk 2022-04-11 4.3 MEDIUM 7.5 HIGH
The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. The vulnerability impacts Splunk Enterprise versions before 7.3.9, 8.0 versions before 8.0.9, and 8.1 versions before 8.1.3. It does not impact Universal Forwarders. When Splunk forwarding is secured using TLS or a Token, the attack requires compromising the certificate or token, or both. Implementation of either or both reduces the severity to Medium.
CVE-2010-2429 2 Microsoft, Splunk 2 Internet Explorer, Splunk 2021-07-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a "404 Not Found" response.
CVE-2013-6772 1 Splunk 1 Splunk 2020-01-27 4.3 MEDIUM 4.3 MEDIUM
Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking
CVE-2013-6773 2 Microsoft, Splunk 2 Windows, Splunk 2020-01-27 4.6 MEDIUM 7.8 HIGH
Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges
CVE-2017-18348 1 Splunk 1 Splunk 2019-10-03 6.9 MEDIUM 7.0 HIGH
Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert Trojan horse programs into $SPLUNK_HOME/bin, because the non-root setup instructions state that chown should be run across all of $SPLUNK_HOME to give non-root access.
CVE-2017-17067 1 Splunk 1 Splunk 2019-10-03 10.0 HIGH 9.8 CRITICAL
Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks.
CVE-2017-5607 1 Splunk 1 Splunk 2019-03-20 3.5 LOW 3.5 LOW
Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 assigns the $C JS property to the global Window namespace, which might allow remote attackers to obtain sensitive logged-in username and version-related information via a crafted webpage.
CVE-2019-5727 1 Splunk 1 Splunk 2019-02-22 3.5 LOW 5.4 MEDIUM
Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827.
CVE-2018-7431 1 Splunk 1 Splunk 2019-01-25 4.0 MEDIUM 6.5 MEDIUM
Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote authenticated users to read arbitrary files via unspecified vectors.
CVE-2018-7427 1 Splunk 1 Splunk 2018-12-10 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-7432 1 Splunk 1 Splunk 2018-12-10 5.0 MEDIUM 7.5 HIGH
Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allow remote attackers to cause a denial of service via a crafted HTTP request.
CVE-2018-7429 1 Splunk 1 Splunk 2018-12-10 5.0 MEDIUM 7.5 HIGH
Splunkd in Splunk Enterprise 6.2.x before 6.2.14 6.3.x before 6.3.11, and 6.4.x before 6.4.8; and Splunk Light before 6.5.0 allow remote attackers to cause a denial of service via a malformed HTTP request.
CVE-2018-11409 1 Splunk 1 Splunk 2018-07-31 5.0 MEDIUM 5.3 MEDIUM
Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.