VYPR

Splunk Enterprise

by Splunk

CVEs (178)

  • CVE-2023-32712HigJun 1, 2023
    risk 0.56cvss 8.6epss 0.00

    In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards Institute (ANSI) escape codes into Splunk log files that, when a vulnerable terminal application reads them, can potentially, at worst, result in possible code…

  • CVE-2023-40598HigAug 30, 2023
    risk 0.55cvss 8.5epss 0.01

    In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can…

  • CVE-2023-40592HigAug 30, 2023
    risk 0.55cvss 8.4epss 0.01

    In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of…

  • CVE-2025-20229HigMar 26, 2025
    risk 0.53cvss 8.0epss 0.14

    In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution…

  • CVE-2024-36997HigJul 1, 2024
    risk 0.53cvss 8.1epss 0.01

    In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could…

  • CVE-2024-29946HigMar 27, 2024
    risk 0.53cvss 8.1epss 0.01

    In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by…

  • CVE-2023-22939HigFeb 14, 2023
    risk 0.53cvss 8.1epss 0.01

    In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only…

  • CVE-2023-22935HigFeb 14, 2023
    risk 0.53cvss 8.1epss 0.01

    In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their…

  • CVE-2022-43565HigNov 4, 2022
    risk 0.53cvss 8.1epss 0.01

    In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The…

  • CVE-2022-43563HigNov 4, 2022
    risk 0.53cvss 8.1epss 0.01

    In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires…

  • CVE-2022-32156HigJun 15, 2022
    risk 0.53cvss 8.1epss 0.01

    In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. After updating to version 9.0, see Configure TLS host name validation…

  • CVE-2022-32153HigJun 15, 2022
    risk 0.53cvss 8.1epss 0.01

    Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates…

  • CVE-2022-32152HigJun 15, 2022
    risk 0.53cvss 8.1epss 0.01

    Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates…

  • CVE-2021-26253HigMay 6, 2022
    risk 0.53cvss 8.1epss 0.01

    A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or…

  • CVE-2024-45731HigOct 14, 2024
    risk 0.52cvss 8.0epss 0.01

    In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk…

  • CVE-2024-36983HigJul 1, 2024
    risk 0.52cvss 8.0epss 0.01

    In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal…

  • CVE-2023-22933HigFeb 14, 2023
    risk 0.52cvss 8.0epss 0.01

    In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag’.

  • CVE-2022-43569HigNov 4, 2022
    risk 0.52cvss 8.0epss 0.01

    In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model.

  • CVE-2023-40597HigAug 30, 2023
    risk 0.51cvss 7.8epss 0.00

    In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.

  • CVE-2024-36991HigJul 1, 2024
    risk 0.50cvss 7.5epss 0.13

    In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.

Page 2 of 9