Total
114 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-27183 | 1 Splunk | 1 Splunk | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on SplunkBase, and not installed on Splunk Cloud Platform instances. Note that the Cloud Monitoring Console is not impacted. | |||||
CVE-2022-26889 | 1 Splunk | 1 Splunk | 2023-12-10 | 5.1 MEDIUM | 8.8 HIGH |
In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based. An attacker cannot exploit the attack at will and requires the attacker to initiate a request within the victim's browser (e.g., phishing). | |||||
CVE-2021-3422 | 1 Splunk | 1 Splunk | 2023-12-10 | 4.3 MEDIUM | 7.5 HIGH |
The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. The vulnerability impacts Splunk Enterprise versions before 7.3.9, 8.0 versions before 8.0.9, and 8.1 versions before 8.1.3. It does not impact Universal Forwarders. When Splunk forwarding is secured using TLS or a Token, the attack requires compromising the certificate or token, or both. Implementation of either or both reduces the severity to Medium. | |||||
CVE-2021-33845 | 1 Splunk | 1 Splunk | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors. | |||||
CVE-2021-31559 | 1 Splunk | 1 Splunk | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders. | |||||
CVE-2022-32158 | 1 Splunk | 1 Splunk | 2023-12-10 | 7.5 HIGH | 10.0 CRITICAL |
Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a Universal Forwarder endpoint could use the vulnerability to execute arbitrary code on all other Universal Forwarder endpoints subscribed to the deployment server. | |||||
CVE-2022-32157 | 1 Splunk | 1 Splunk | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation. | |||||
CVE-2022-32154 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-12-10 | 4.0 MEDIUM | 8.1 HIGH |
Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will. | |||||
CVE-2022-32153 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation. | |||||
CVE-2013-6773 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges | |||||
CVE-2013-6772 | 1 Splunk | 1 Splunk | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking | |||||
CVE-2018-7429 | 1 Splunk | 1 Splunk | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Splunkd in Splunk Enterprise 6.2.x before 6.2.14 6.3.x before 6.3.11, and 6.4.x before 6.4.8; and Splunk Light before 6.5.0 allow remote attackers to cause a denial of service via a malformed HTTP request. | |||||
CVE-2017-18348 | 1 Splunk | 1 Splunk | 2023-12-10 | 6.9 MEDIUM | 7.0 HIGH |
Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert Trojan horse programs into $SPLUNK_HOME/bin, because the non-root setup instructions state that chown should be run across all of $SPLUNK_HOME to give non-root access. | |||||
CVE-2018-7431 | 1 Splunk | 1 Splunk | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
CVE-2018-7427 | 1 Splunk | 1 Splunk | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2018-7432 | 1 Splunk | 1 Splunk | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allow remote attackers to cause a denial of service via a crafted HTTP request. | |||||
CVE-2019-5727 | 1 Splunk | 1 Splunk | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827. | |||||
CVE-2018-11409 | 1 Splunk | 1 Splunk | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key. | |||||
CVE-2017-12572 | 1 Splunk | 1 Splunk | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrative access, aka SPL-134104. | |||||
CVE-2017-17067 | 1 Splunk | 1 Splunk | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks. |