splunk · threatengine.sh

CVE-2026-20204

>= 9.3.0 and < 9.3.11

In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3

7.1HIGH

CVE-2026-20203

>= 9.3.0 and < 9.3.11

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3

4.3MEDIUM

CVE-2026-20202

>= 9.3.0 and < 9.3.11

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3

6.6MEDIUM

CVE-2026-20166

>= 10.0.0 and < 10.0.4

In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.

5.4MEDIUM

CVE-2026-20165

>= 9.3.0 and < 9.3.10

In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.

6.3MEDIUM

CVE-2026-20164

>= 9.3.0 and < 9.3.10

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.

6.5MEDIUM

CVE-2026-20163

>= 9.3.0 and < 9.3.10

In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.

7.2HIGH

CVE-2026-20162

>= 9.3.0 and < 9.3.9

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2

6.3MEDIUM

CVE-2026-20144

>= 9.2.0 and < 9.2.11

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0

6.8MEDIUM

CVE-2026-20142

>= 9.2.0 and < 9.2.11

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster (SHC) deploym

6.8MEDIUM

CVE-2026-20141

>= 9.3.0 and < 9.3.9

In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the "admin" Splunk r

4.3MEDIUM

CVE-2026-20139

>= 9.2.0 and < 9.2.12

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3

4.3MEDIUM

CVE-2026-20138

>= 9.2.0 and < 9.2.11

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster (SHC) deploym

6.8MEDIUM

CVE-2026-20137

>= 9.2.0 and < 9.2.9

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0,

3.5LOW

CVE-2025-20389

>= 9.2.0 and < 9.2.10

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10, 3.8.58 and 3.7.28 of the Splunk S

4.3MEDIUM

CVE-2025-20388

>= 9.2.0 and < 9.2.10

In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2

2.7LOW

CVE-2025-20387

>= 9.2.0 and < 9.2.10

In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to

8.0HIGH

CVE-2025-20386

>= 9.2.0 and < 9.2.10

In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affect

8.0HIGH

CVE-2025-20385

>= 9.2.0 and < 9.2.10

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2

2.4LOW

CVE-2025-20384

>= 9.2.0 and < 9.2.10

In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2

5.3MEDIUM

CVE-2025-20383

>= 9.2.0 and < 9.2.10

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gatewa

4.3MEDIUM

CVE-2025-20382

>= 9.2.0 and < 9.2.10

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.10, 10.0.

3.5LOW

CVE-2025-20379

>= 9.2.0 and < 9.2.9

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.240

3.5LOW

CVE-2025-20378

>= 9.2.0 and < 9.2.9

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform versions below 10.0.2503.5, 9.3.2411.11

3.1LOW

CVE-2025-20371

>= 9.2.0 and < 9.2.8

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.240

7.5HIGH

CVE-2025-20370

>= 9.2.0 and < 9.2.8

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.24

4.9MEDIUM

CVE-2025-20369

>= 9.2.0 and < 9.2.8

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 a

4.6MEDIUM

CVE-2025-20368

>= 9.2.0 and < 9.2.8

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 a

5.7MEDIUM

CVE-2025-20367

>= 9.2.0 and < 9.2.8

In Splunk Enterprise versions below 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 an

5.7MEDIUM

CVE-2025-20366

>= 9.2.0 and < 9.2.8

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.111, 9.3.2408.119,

6.5MEDIUM

CVE-2025-20325

>= 9.1.0 and < 9.1.10

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.24

3.1LOW

CVE-2025-20324

>= 9.1.0 and < 9.1.10

In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.7, and 9.1.10 and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.240

5.4MEDIUM

CVE-2025-20323

>= 9.1.0 and < 9.1.10

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "powe

4.3MEDIUM

CVE-2025-20322

>= 9.1.0 and < 9.1.10

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.24

4.3MEDIUM

CVE-2025-20321

>= 9.1.0 and < 9.1.10

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.240

6.5MEDIUM

CVE-2025-20320

>= 9.1.0 and < 9.1.10

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.240

6.3MEDIUM

CVE-2025-20319

>= 9.1.0 and < 9.1.10

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege capa

6.8MEDIUM

CVE-2025-20300

>= 9.1.0 and < 9.1.9

In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408

4.3MEDIUM

CVE-2025-20298

>= 9.1.0 and < 9.1.9

In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affect

8.0HIGH

CVE-2025-20297

>= 9.2.0 and < 9.2.6

In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 an

4.3MEDIUM

CVE-2025-20230

>= 9.1.0 and < 9.1.8

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gate

4.3MEDIUM

CVE-2025-20233

>= 4.0.0 and < 4.0.5

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the chmod and makedirs Python functio

2.5LOW

CVE-2025-20232

>= 9.1.0 and < 9.1.8

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103, 9.2.2406.108, 9

5.7MEDIUM

CVE-2025-20231

>= 9.1.0 and < 9.1.8

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gate

7.1HIGH

CVE-2025-20229

>= 9.1.0 and < 9.1.8

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108,

8.0HIGH

CVE-2025-20228

>= 9.1.0 and < 9.1.8

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.20

6.5MEDIUM

CVE-2025-20227

>= 9.1.0 and < 9.1.8

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.240

4.3MEDIUM

CVE-2025-20226

>= 9.1.0 and < 9.1.8

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406

5.7MEDIUM

CVE-2024-53246

>= 9.1.0 and < 9.1.7

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9

5.3MEDIUM

CVE-2024-53245

>= 9.1.0 and < 9.1.7

In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privilege

3.1LOW

CVE-2024-53244

>= 9.1.0 and < 9.1.7

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, a

5.7MEDIUM

CVE-2024-45741

>= 9.1.0 and < 9.1.6

In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-

5.4MEDIUM

CVE-2024-45740

>= 9.1.0 and < 9.1.6

In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that

5.4MEDIUM

CVE-2024-45739

>= 9.1.0 and < 9.1.6

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native

4.9MEDIUM

CVE-2024-45738

>= 9.1.0 and < 9.1.6

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_i

4.9MEDIUM

CVE-2024-45737

>= 9.1.0 and < 9.1.6

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.20

4.3MEDIUM

CVE-2024-45736

>= 9.1.0 and < 9.1.6

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, a

6.5MEDIUM

CVE-2024-45735

>= 9.1.0 and < 9.1.6

In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.

4.3MEDIUM

CVE-2024-45734

>= 9.1.0 and < 9.1.6

In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk role

4.3MEDIUM

CVE-2024-45733

>= 9.1.0 and < 9.1.6

In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" S

8.8HIGH

CVE-2024-45732

>= 9.2.0 and < 9.2.3

In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103,

7.1HIGH

CVE-2024-45731

>= 9.1.0 and < 9.1.6

In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "

8.0HIGH

CVE-2024-36997

>= 9.0.0 and < 9.0.10

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user coul

8.1HIGH

CVE-2024-36996

>= 9.0.0 and <= 9.0.10

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker co

5.3MEDIUM

CVE-2024-36995

>= 9.0.0 and < 9.0.10

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.20

5.4MEDIUM

CVE-2024-36994

>= 9.0.0 and < 9.0.10

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.20

5.4MEDIUM

CVE-2024-36993

>= 9.0.0 and < 9.0.10

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.20

5.4MEDIUM

CVE-2024-36992

>= 9.0.0 and < 9.0.10

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.20

5.4MEDIUM

CVE-2024-36991

>= 9.0.0 and < 9.0.10

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /module

7.5HIGH

CVE-2024-36990

>= 9.0.0 and < 9.0.10

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticat

6.5MEDIUM

CVE-2024-36989

>= 9.0.0 and < 9.0.10

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileg

7.1HIGH

CVE-2024-36987

>= 9.0.0 and < 9.0.10

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticat

4.3MEDIUM

CVE-2024-36986

>= 9.0.0 and < 9.0.10

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.20

6.3MEDIUM

CVE-2024-36985

>= 9.0.0 and < 9.0.10

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, a low-privileged user that does not hold the admin or power Splunk r

8.8HIGH

CVE-2024-36984

>= 9.0.0 and < 9.0.10

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially crafted q

8.8HIGH

CVE-2024-36983

>= 9.0.0 and < 9.0.10

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.20

8.0HIGH

CVE-2024-36982

>= 9.0.0 and < 9.0.10

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.20

7.5HIGH

CVE-2024-29946

>= 9.0.0 and < 9.0.9

In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands.

8.1HIGH

CVE-2024-29945

>= 9.0.0 and < 9.0.9

In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the tok

7.2HIGH

CVE-2023-46231

< 4.1.4

In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit

6.8MEDIUM

CVE-2023-46230

< 4.1.4

In Splunk Add-on Builder versions below 4.1.4, the app writes sensitive information to internal log files.

8.2HIGH

CVE-2024-23678

>= 9.0.0 and < 9.0.8

In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. Th

7.5HIGH

CVE-2024-23677

>= 9.0.0 and < 9.0.8

In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a

4.3MEDIUM

CVE-2024-23676

>= 9.0.0 and < 9.0.8

In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that t

4.6MEDIUM

CVE-2024-23675

>= 9.0.0 and < 9.0.8

In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for user

6.5MEDIUM

CVE-2024-22165

>= 7.1.0 and < 7.1.2

In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial

6.5MEDIUM

CVE-2024-22164

>= 7.1.0 and < 7.1.2

In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of serv

4.3MEDIUM

CVE-2023-46214

>= 9.0.0 and < 9.0.7

In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language tra

8.0HIGH

CVE-2023-46213

>= 9.0.0 and < 9.0.7

In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result

4.8MEDIUM

CVE-2023-40598

< 8.2.12

In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy intern

8.5HIGH

CVE-2023-40597

>= 8.2.0 and < 8.2.12

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute a

7.8HIGH

CVE-2023-40596

>= 8.2.0 and < 8.2.12

In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterpris

7.0HIGH

CVE-2023-40595

>= 8.2.0 and < 8.2.12

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can

8.8HIGH

CVE-2023-40594

>= 8.2.0 and < 8.2.12

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the printf SPL function to perform a deni

6.5MEDIUM

CVE-2023-40593

>= 8.2.0 and < 8.2.12

In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup langua

6.3MEDIUM

CVE-2023-40592

>= 8.2.0 and < 8.2.12

In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in refle

8.4HIGH

CVE-2023-32717

>= 8.1.0 and < 8.1.14

On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauth

4.3MEDIUM

CVE-2023-32716

>= 8.1.0 and < 8.1.14

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker

6.5MEDIUM

CVE-2023-32715

< 4.0.1

In the Splunk App for Lookup File Editing versions below 4.0.1, a user can insert potentially malicious JavaScript code into the a

4.7MEDIUM

CVE-2023-32714

>= 8.1.0 and < 8.1.14

In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, t

8.1HIGH

CVE-2023-32712

>= 8.1.0 and < 8.1.14

In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards Institute (

8.6HIGH

CVE-2023-32711

>= 8.1.0 and < 8.1.14

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulner

5.4MEDIUM

CVE-2023-32710

>= 8.1.0 and < 8.1.14

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-pri

4.8MEDIUM

CVE-2023-32709

>= 8.1.0 and < 8.1.14

In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privil

4.3MEDIUM

CVE-2023-32708

>= 8.1.0 and < 8.1.14

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privil

7.2HIGH

CVE-2023-32707

>= 8.1.0 and < 8.1.14

In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-priv

8.8HIGH

CVE-2023-32706

>= 8.1.0 and < 8.1.14

On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to

7.7HIGH

CVE-2023-27538

>= 8.2.0 and < 8.2.12

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection d

5.5MEDIUM

CVE-2023-27537

>= 8.2.0 and < 8.2.12

A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduce

5.9MEDIUM

CVE-2023-27536

>= 8.2.0 and < 8.2.12

An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously establishe

5.9MEDIUM

CVE-2023-27535

>= 8.2.0 and < 8.2.12

An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong crede

5.9MEDIUM

CVE-2023-27534

>= 8.2.0 and < 8.2.12

A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced whe

8.8HIGH

CVE-2023-27533

>= 8.2.0 and < 8.2.12

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pa

8.8HIGH

CVE-2023-23916

>= 8.2.0 and < 8.2.12

An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compress

6.5MEDIUM

CVE-2023-23915

>= 8.2.0 and < 8.2.12

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to beh

6.5MEDIUM

CVE-2023-23914

>= 8.2.0 and < 8.2.12

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail w

9.1CRITICAL

CVE-2023-22943

>= 4.1.0 and < 4.1.2

In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party

4.8MEDIUM

CVE-2023-22942

>= 8.1.0 and < 8.1.13

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app

5.4MEDIUM

CVE-2023-22941

>= 8.1.0 and < 8.1.13

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Tran

6.5MEDIUM

CVE-2023-22940

>= 8.1.0 and < 8.1.13

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) comma

6.3MEDIUM

CVE-2023-22939

>= 8.1.0 and < 8.1.13

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a searc

8.1HIGH

CVE-2023-22938

>= 8.1.0 and < 8.1.13

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user s

4.3MEDIUM

CVE-2023-22937

>= 8.1.0 and < 8.1.13

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables wit

4.3MEDIUM

CVE-2023-22936

>= 8.1.0 and < 8.1.13

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind

6.3MEDIUM

CVE-2023-22935

>= 8.1.0 and < 8.1.13

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter

8.1HIGH

CVE-2023-22934

>= 8.1.0 and < 8.1.13

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a sea

7.3HIGH

CVE-2023-22933

>= 8.1.0 and < 8.1.13

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-

8.0HIGH

CVE-2023-22932

>= 9.0.0 and < 9.0.4

In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64

8.7HIGH

CVE-2023-22931

>= 8.1.0 and < 8.1.13

In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource De

4.3MEDIUM

CVE-2022-43552

>= 8.2.0 and < 8.2.12

A use after free vulnerability exists in curl <7.87.0. Curl can be asked to tunnel virtually all protocols it supports through a

5.9MEDIUM

CVE-2022-43551

>= 8.2.0 and < 8.2.12

A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, c

7.5HIGH

CVE-2022-35260

>= 8.2.0 and < 8.2.12

curl can be told to parse a .netrc file for credentials. If that file endsin a line with 4095 consecutive non-white space letter

6.5MEDIUM

CVE-2022-32221

>= 8.2.0 and < 8.2.12

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, ev

9.8CRITICAL

CVE-2022-36227

>= 8.2.0 and < 8.2.12

In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL poi

9.8CRITICAL

CVE-2022-43572

>= 8.1.0 and < 8.1.12

In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP

7.5HIGH

CVE-2022-43570

>= 8.1.0 and < 8.1.12

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML

8.8HIGH

CVE-2022-43569

>= 8.1.0 and < 8.1.12

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that ca

8.0HIGH

CVE-2022-43568

>= 8.1.0 and < 8.1.12

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View allows for a Reflected Cross Site Scripting via JavaScript Ob

8.8HIGH

CVE-2022-43567

>= 8.1.0 and < 8.1.12

In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands re

8.8HIGH

CVE-2022-43566

>= 8.1.0 and < 8.1.12

In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged

7.3HIGH

CVE-2022-43565

>= 8.1.0 and < 8.1.12

In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation (JSON)

8.1HIGH

CVE-2022-43564

>= 8.1.0 and < 8.1.12

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search repor

4.9MEDIUM

CVE-2022-43563

>= 8.1.0 and < 8.1.12

In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker byp

8.1HIGH

CVE-2022-43562

>= 8.1.0 and < 8.1.12

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host hea

3.0LOW

CVE-2022-43571

>= 8.1.0 and < 8.1.12

In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboa

8.8HIGH

CVE-2022-43561

>= 8.1.0 and < 8.1.12

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbit

6.4MEDIUM

CVE-2022-42915

>= 8.2.0 and < 8.2.12

curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the c

8.1HIGH

CVE-2022-42916

>= 8.2.0 and < 8.2.12

In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be in

7.5HIGH

CVE-2022-35252

>= 8.2.0 and < 8.2.12

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are s

3.7LOW

CVE-2021-31566

>= 8.2.0 and < 8.2.12

An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and

7.8HIGH

CVE-2022-37439

>= 8.1.0 and < 8.1.11

In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file

5.5MEDIUM

CVE-2022-37438

>= 8.1.0 and < 8.1.11

In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak info

2.6LOW

CVE-2022-37437

all versions

When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certifi

7.4HIGH

CVE-2022-35737

>= 8.2.0 and < 8.2.12

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string arg

7.5HIGH

CVE-2022-32208

>= 8.2.0 and < 8.2.12

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possib

5.9MEDIUM

CVE-2022-32207

>= 8.2.0 and < 8.2.12

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation

9.8CRITICAL

CVE-2022-32206

>= 8.2.0 and < 8.2.12

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and p

6.5MEDIUM

CVE-2022-32205

>= 8.2.0 and < 8.2.12

A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and curl < 7.84.0 stores all of

4.3MEDIUM

CVE-2022-32158

< 9.0

Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other d

9.0CRITICAL

CVE-2022-32157

< 9.0

Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation re

7.5HIGH

CVE-2022-32156

< 9.0

In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS cer

8.1HIGH

CVE-2022-32155

< 9.0

In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduce

7.5HIGH

CVE-2022-32154

< 9.0

Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the

6.8MEDIUM

CVE-2022-32153

< 9.0

Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not valida

8.1HIGH

CVE-2022-32152

< 9.0

Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not valida

8.1HIGH

CVE-2022-32151

< 9.0

The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certifi

7.4HIGH

CVE-2022-30115

>= 8.2.0 and < 8.2.12

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HT

4.3MEDIUM

CVE-2022-27782

>= 8.2.0 and < 8.2.12

libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibi

7.5HIGH

CVE-2022-27781

>= 8.2.0 and < 8.2.12

libcurl provides the CURLOPT_CERTINFO option to allow applications torequest details to be returned about a server's certificate

7.5HIGH

CVE-2022-27780

>= 8.2.0 and < 8.2.12

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a

7.5HIGH

CVE-2022-27779

>= 8.2.0 and < 8.2.12

libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be

5.3MEDIUM

CVE-2022-27778

>= 8.2.0 and < 8.2.12

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together

8.1HIGH

CVE-2022-27776

>= 8.2.0 and < 8.2.12

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HT

6.5MEDIUM

CVE-2022-27775

>= 8.2.0 and < 8.2.12

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in t

7.5HIGH

CVE-2022-27774

>= 8.2.0 and < 8.2.12

An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow

5.7MEDIUM

CVE-2022-22576

>= 8.2.0 and < 8.2.12

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticate

8.1HIGH

CVE-2022-27183

>= 8.1.0 and < 8.1.4

The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise ver

8.8HIGH

CVE-2022-26889

>= 8.1.0 and < 8.1.2

In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path trave

8.8HIGH

CVE-2022-26070

< 8.1.0

When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which cont

4.3MEDIUM

CVE-2021-42743

< 8.1.1

A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user

8.8HIGH

CVE-2021-33845

>= 8.1.0 and < 8.1.7

The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts

5.3MEDIUM

CVE-2021-31559

>= 8.1.0 and < 8.1.5

A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 vers

7.5HIGH

CVE-2021-26253

>= 8.1.0 and < 8.1.6

A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Ent

8.1HIGH

CVE-2021-3422

< 7.3.9

The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise i

7.5HIGH

CVE-2021-22947

>= 8.2.0 and < 8.2.12

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, t

5.9MEDIUM

CVE-2021-22946

>= 8.2.0 and < 8.2.12

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (

7.5HIGH

CVE-2021-22945

>= 8.2.0 and < 8.2.12

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an alr

9.1CRITICAL

CVE-2021-22926

>= 8.2.0 and < 8.2.12

libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLC

7.5HIGH

CVE-2021-22925

>= 8.2.0 and < 8.2.12

curl supports the -t command line option, known as CURLOPT_TELNETOPTIONSin libcurl. This rarely used option is used to send va

5.3MEDIUM

CVE-2021-22924

>= 8.2.0 and < 8.2.12

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.

3.7LOW

CVE-2021-22923

>= 8.2.0 and < 8.2.12

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink

5.3MEDIUM

CVE-2021-22922

>= 8.2.0 and < 8.2.12

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the met

6.5MEDIUM

CVE-2021-30560

>= 8.2.0 and < 8.2.12

Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corrupt

8.8HIGH

CVE-2021-36976

>= 8.2.0 and < 8.2.12

libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).

6.5MEDIUM

CVE-2021-22901

>= 8.2.0 and < 8.2.12

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3

8.1HIGH

CVE-2021-22898

>= 8.2.0 and < 8.2.12

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS

3.1LOW

CVE-2021-22897

>= 8.2.0 and < 8.2.12

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIP

5.3MEDIUM

CVE-2021-3520

>= 8.2.0 and < 8.2.12

There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer

9.8CRITICAL

CVE-2021-22890

>= 8.2.0 and < 8.2.12

curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad han

3.7LOW

CVE-2021-22876

>= 8.2.0 and < 8.2.12

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leak

5.3MEDIUM

CVE-2020-8286

>= 8.2.0 and < 8.2.12

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the O

7.5HIGH

CVE-2020-8285

>= 8.2.0 and < 8.2.12

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match pa

7.5HIGH

CVE-2020-8284

>= 8.2.0 and < 8.2.12

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and p

3.7LOW

CVE-2020-8231

>= 8.2.0 and < 8.2.12

Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.

7.5HIGH

CVE-2020-8177

>= 8.2.0 and < 8.2.12

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwrit

7.8HIGH

CVE-2020-8169

>= 8.2.0 and < 8.2.12

curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leak

7.5HIGH

CVE-2020-14155

>= 8.2.0 and < 8.2.12

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

5.3MEDIUM

CVE-2019-20838

>= 8.2.0 and < 8.2.12

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed qu

7.5HIGH

CVE-2019-20454

>= 8.2.0 and < 8.2.12

An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted

7.5HIGH

CVE-2013-6773

>= 5.0 and < 5.0.3

Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges

7.8HIGH

CVE-2013-6772

< 5.0.4

Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking

4.3MEDIUM

CVE-2019-5727

>= 6.0.0 and < 6.0.15

Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1

5.4MEDIUM

CVE-2018-7432

>= 6.2.0 and < 6.2.14

Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.

7.5HIGH

CVE-2018-7431

>= 6.0.0 and < 6.0.14

Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x be

6.5MEDIUM

CVE-2018-7429

>= 6.2.0 and < 6.2.14

Splunkd in Splunk Enterprise 6.2.x before 6.2.14 6.3.x before 6.3.11, and 6.4.x before 6.4.8; and Splunk Light before 6.5.0 allow

7.5HIGH

CVE-2018-7427

>= 6.0.0 and < 6.0.14

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before

6.1MEDIUM

CVE-2017-18348

>= 6.6.0 and <= 6.6.11

Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to

7.0HIGH

CVE-2018-11409

<= 7.0.1

Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query

5.3MEDIUM

CVE-2017-17067

>= 6.3.0 and < 6.3.12

Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x befo

9.8CRITICAL

CVE-2017-12572

all versions

Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 a

4.8MEDIUM

CVE-2016-4859

<= 6.4.2

Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6

6.1MEDIUM

CVE-2016-4858

<= 6.4.2

Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enter

4.8MEDIUM

CVE-2016-4857

<= 6.4.2

Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6

6.1MEDIUM

CVE-2016-4856

all versions

Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows attacker

4.8MEDIUM

CVE-2017-5607

>= 5.0.0 and < 5.0.18

Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x

3.5LOW

CVE-2017-5880

<= 6.5.1

Splunk Web in Splunk Enterprise versions 6.5.x before 6.5.2, 6.4.x before 6.4.5, 6.3.x before 6.3.9, 6.2.x before 6.2.13, 6.1.x be

6.5MEDIUM

CVE-2016-10126

all versions

Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6

9.8CRITICAL

CVE-2015-7604

all versions

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.6 and Splunk Light 6.2.x before 6.2.6

CVE-2015-6515

all versions

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.4, 6.1.x before 6.1.8, 6.0.x before 6

CVE-2015-6514

all versions

Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Enterprise 6.2.x before 6.2.4 and Splunk Light 6.2.x before 6.

CVE-2014-5466

all versions

Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.

CVE-2014-8380

all versions

Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HT

CVE-2014-8303

all versions

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4 and 6.0.x before 6.0.6 allows remot

CVE-2014-8302

all versions

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.6, and 5.0.x befo

CVE-2014-8301

all versions

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 5.0.x before 5.0.10 allows remote attackers to inject

CVE-2014-3147

<= 6.0.3

Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise before 6.0.4 allows remote authenticate

CVE-2014-5198

all versions

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.3 allows remote attackers to inject a

CVE-2014-5197

all versions

Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows

CVE-2013-7394

<= 5.0.4

The "runshellscript echo.sh" script in Splunk before 5.0.5 allows remote authenticated users to execute arbitrary commands via a c

CVE-2013-6771

<= 5.0.4

Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary comman

CVE-2014-0160

>= 6.0.0 and < 6.0.3

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which

7.5HIGH

CVE-2014-2578

<= 5.0.7

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.8 allows remote attackers to inject arbitrary web scri

CVE-2012-6447

all versions

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 5.0.0 through 5.0.2 allows remote attackers to inject arbitrary w

CVE-2013-6870

<= 5.0.5

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web scri

CVE-2013-2766

all versions

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.3.0 through 4.3.5 allows remote attackers to inject arbitrary w

CVE-2012-1908

all versions

Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 allows remote attackers to inject arbitrary web script or HTML

CVE-2011-4778

all versions

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.2.x before 4.2.5 allows remote attackers to inject arbitrary we

CVE-2011-4644

<= 4.2.5

Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment tha

CVE-2011-4643

all versions

Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files v

CVE-2011-4642

all versions

mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes,

CVE-2010-3323

all versions

Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vec

CVE-2010-3322

>= 4.0 and <= 4.1.4

The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges

8.8HIGH

CVE-2010-2504

all versions

Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header

CVE-2010-2503

all versions

Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow remote attackers to i

CVE-2010-2502

all versions

Multiple directory traversal vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow (1) remote attackers to read

CVE-2010-2429

all versions

Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, when Internet Explorer is used, allows remote attackers to i