VYPR

Splunk Enterprise

by Splunk

CVEs (178)

  • CVE-2026-20253CriKEVJun 10, 2026
    risk 0.76cvss 9.8epss 0.88

    In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks…

  • CVE-2023-32707HigJun 1, 2023
    risk 0.66cvss 8.8epss 0.74

    In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by…

  • CVE-2017-17067CriNov 30, 2017
    risk 0.64cvss 9.8epss 0.03

    Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct…

  • CVE-2016-10126CriJan 10, 2017
    risk 0.64cvss 9.8epss 0.04

    Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token…

  • CVE-2023-46214HigNov 16, 2023
    risk 0.62cvss 8.0epss 0.89

    In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk…

  • CVE-2024-36985HigJul 1, 2024
    risk 0.61cvss 8.8epss 0.07

    In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, a low-privileged user that does not hold the admin or power Splunk roles could cause a Remote Code Execution through an external lookup that references the “splunk_archiver“ application.

  • CVE-2022-43568HigNov 4, 2022
    risk 0.61cvss 8.8epss 0.43

    In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View allows for a Reflected Cross Site Scripting via JavaScript Object Notation (JSON) in a query parameter when output_mode=radio.

  • CVE-2022-43571HigNov 3, 2022
    risk 0.61cvss 8.8epss 0.14

    In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component.

  • CVE-2022-32158CriJun 15, 2022
    risk 0.59cvss 9.0epss 0.01

    Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a Universal Forwarder endpoint could use the vulnerability to execute…

  • CVE-2026-20251HigJun 10, 2026
    risk 0.57cvss 8.8epss 0.01

    In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, and Splunk Secure Gateway versions below 3.10.6, 3.9.20, and 3.8.67, a low-privileged user that does not hold…

  • CVE-2024-53247HigDec 10, 2024
    risk 0.57cvss 8.8epss 0.01

    In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.4.261 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could perform a Remote Code…

  • CVE-2024-45733HigOct 14, 2024
    risk 0.57cvss 8.8epss 0.01

    In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration.

  • CVE-2024-36984HigJul 1, 2024
    risk 0.57cvss 8.8epss 0.01

    In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially crafted query that they could then use to serialize untrusted data. The attacker could use the query to execute arbitrary code.

  • CVE-2023-40595HigAug 30, 2023
    risk 0.57cvss 8.8epss 0.01

    In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code.

  • CVE-2023-22932HigFeb 14, 2023
    risk 0.57cvss 8.7epss 0.00

    In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0.

  • CVE-2022-43570HigNov 4, 2022
    risk 0.57cvss 8.8epss 0.01

    In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error.

  • CVE-2022-43567HigNov 4, 2022
    risk 0.57cvss 8.8epss 0.01

    In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.

  • CVE-2022-27183HigMay 6, 2022
    risk 0.57cvss 8.8epss 0.01

    The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on SplunkBase, and not installed on…

  • CVE-2022-26889HigMay 6, 2022
    risk 0.57cvss 8.8epss 0.01

    In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky…

  • CVE-2021-42743HigMay 6, 2022
    risk 0.57cvss 8.8epss 0.00

    A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows.

Page 1 of 9