Total
160 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-40594 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-04-10 | N/A | 7.5 HIGH |
| In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance. | |||||
| CVE-2023-22935 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-04-10 | N/A | 8.8 HIGH |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled. | |||||
| CVE-2023-22936 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-04-10 | N/A | 6.3 MEDIUM |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within the environment. | |||||
| CVE-2010-3322 | 1 Splunk | 1 Splunk | 2024-02-21 | 6.0 MEDIUM | 8.8 HIGH |
| The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack to unknown vectors. | |||||
| CVE-2022-43568 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-11-07 | N/A | 6.1 MEDIUM |
| In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View allows for a Reflected Cross Site Scripting via JavaScript Object Notation (JSON) in a query parameter when output_mode=radio. | |||||
| CVE-2022-43567 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-11-07 | N/A | 8.8 HIGH |
| In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app. | |||||
| CVE-2022-43563 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-11-07 | N/A | 8.8 HIGH |
| In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. | |||||
| CVE-2022-43566 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-11-07 | N/A | 8.0 HIGH |
| In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards in the Analytics Workspace. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. | |||||
| CVE-2022-43570 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-11-07 | N/A | 6.5 MEDIUM |
| In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error. | |||||
| CVE-2022-43571 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-11-07 | N/A | 8.8 HIGH |
| In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component. | |||||
| CVE-2022-43562 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-11-07 | N/A | 5.4 MEDIUM |
| In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning. | |||||
| CVE-2022-43572 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-11-07 | N/A | 6.5 MEDIUM |
| In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing. | |||||
| CVE-2022-43569 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-11-07 | N/A | 5.4 MEDIUM |
| In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model. | |||||
| CVE-2022-43565 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-11-07 | N/A | 8.8 HIGH |
| In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. | |||||
| CVE-2022-32156 | 1 Splunk | 2 Splunk, Universal Forwarder | 2023-11-07 | 6.8 MEDIUM | 8.1 HIGH |
| In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. After updating to version 9.0, see Configure TLS host name validation for the Splunk CLI https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_TLS_host_name_validation_for_the_Splunk_CLI to enable the remediation. The vulnerability does not affect the Splunk Cloud Platform. At the time of publishing, we have no evidence of exploitation of this vulnerability by external parties. The issue requires conditions beyond the control of a potential bad actor such as a machine-in-the-middle attack. Hence, Splunk rates the complexity of the attack as High. | |||||
| CVE-2022-37438 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2023-07-21 | N/A | 3.5 LOW |
| In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web. | |||||
| CVE-2022-43564 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2022-11-08 | N/A | 6.5 MEDIUM |
| In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted search macros. | |||||
| CVE-2022-43561 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2022-11-07 | N/A | 4.8 MEDIUM |
| In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). The vulnerability affects instances with Splunk Web enabled. | |||||
| CVE-2021-31559 | 1 Splunk | 1 Splunk | 2022-10-25 | 5.0 MEDIUM | 7.5 HIGH |
| A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders. | |||||
| CVE-2022-26889 | 1 Splunk | 1 Splunk | 2022-10-19 | 5.1 MEDIUM | 8.8 HIGH |
| In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based. An attacker cannot exploit the attack at will and requires the attacker to initiate a request within the victim's browser (e.g., phishing). | |||||