Latest splunk splunk Vulnerabilities

CVE-2024-29945
Splunk Authentication Token Exposure in Debug Log in Splunk Enterprise
Splunk Splunk>=9.0.0<9.0.9
Splunk Splunk>=9.1.0<9.1.4
Splunk Splunk>=9.2.0<9.2.1
CVE-2024-29946
Risky command safeguards bypass in Dashboard Examples Hub
Splunk Splunk>=9.0.0<9.0.9
Splunk Splunk>=9.1.0<9.1.4
Splunk Splunk>=9.2.0<9.2.1
CVE-2024-23678
Deserialization of Untrusted Data on Splunk Enterprise for Windows through Path Traversal from Separate Disk Partition
Splunk Splunk>=9.0.0<9.0.8
Splunk Splunk>=9.1.0<9.1.3
CVE-2024-23676
Sensitive Information Disclosure of Index Metrics through “mrollup” SPL Command
Splunk Cloud<9.1.2308.200
Splunk Splunk>=9.0.0<9.0.8
Splunk Splunk>=9.1.0<9.1.3
CVE-2024-23677
Server Response Disclosure in RapidDiag Salesforce.com Log File
Splunk Cloud<9.0.2208
Splunk Splunk>=9.0.0<9.0.8
CVE-2024-23675
Splunk App Key Value Store (KV Store) Improper Handling of Permissions Leads to KV Store Collection Deletion
Splunk Cloud<9.1.2312.100
Splunk Splunk>=9.0.0<9.0.8
Splunk Splunk>=9.1.0<9.1.3
CVE-2023-46213
Cross-site Scripting (XSS) on “Show Syntax Highlighted” View in Search Page
Splunk Cloud<9.1.2308
Splunk Splunk>=9.0.0<9.0.7
Splunk Splunk>=9.1.0<9.1.2
CVE-2023-46214
Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing
Splunk Cloud<9.1.2308
Splunk Splunk>=9.0.0<9.0.7
Splunk Splunk>=9.1.0<9.1.2
CVE-2023-40597
Absolute Path Traversal in Splunk Enterprise Using runshellscript.py
Splunk Splunk>=8.2.0<8.2.12
Splunk Splunk>=9.0.0<9.0.6
Splunk Splunk=9.1.0
Splunk Splunk Cloud Platform<=9.0.2305.100
CVE-2023-40596
Splunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definition Reference in DLL
Splunk Splunk>=8.2.0<8.2.12
Splunk Splunk>=9.0.0<9.0.6
Splunk Splunk=9.1.0
Microsoft Windows
Splunk Splunk>=8.2.0<8.2.12
Splunk Splunk>=9.0.0<9.0.6
and 2 more
CVE-2023-40593
Denial of Service (DoS) in Splunk Enterprise Using a Malformed SAML Request
Splunk Splunk>=8.2.0<8.2.12
Splunk Splunk>=9.0.0<9.0.6
Splunk Splunk Cloud Platform<=9.0.2305.100
CVE-2023-40594
Denial of Service (DoS) via the ‘printf’ Search Function
Splunk Splunk>=8.2.0<8.2.12
Splunk Splunk>=9.0.0<9.0.6
Splunk Splunk=9.1.0
Splunk Splunk Cloud Platform<=9.0.2305.100
CVE-2023-40592
Reflected Cross-site Scripting (XSS) on "/app/search/table" web endpoint
Splunk Splunk>=8.2.0<8.2.12
Splunk Splunk>=9.0.0<9.0.6
Splunk Splunk=9.1.0
Splunk Splunk Cloud Platform<=9.0.2305.100
CVE-2023-40595
Remote Code Execution via Serialized Session Payload
Splunk Splunk>=8.2.0<8.2.12
Splunk Splunk>=9.0.0<9.0.6
Splunk Splunk=9.1.0
Splunk Splunk Cloud Platform<=9.0.2305.100
CVE-2023-40598
Command Injection in Splunk Enterprise Using External Lookups
Splunk Splunk<8.2.12
Splunk Splunk>=9.0.0<9.0.6
Splunk Splunk>=9.1.0<9.1.1
Splunk Splunk Cloud Platform<9.0.2305.200
CVE-2023-32707
‘edit_user’ Capability Privilege Escalation
Splunk Splunk>=8.1.0<8.1.14
Splunk Splunk>=8.2.0<8.2.11
Splunk Splunk>=9.0.0<9.0.5
Splunk Splunk Cloud Platform<9.0.2303.100
CVE-2023-32709
Low-privileged User can View Hashed Default Splunk Password
Splunk Splunk>=8.1.0<8.1.14
Splunk Splunk>=8.2.0<8.2.11
Splunk Splunk>=9.0.0<9.0.5
Splunk Splunk Cloud Platform<9.0.2303.100
CVE-2023-32716
Denial of Service via the 'dump' SPL command
Splunk Splunk>=8.1.0<8.1.14
Splunk Splunk>=8.2.0<8.2.11
Splunk Splunk>=9.0.0<9.0.5
Splunk Splunk Cloud Platform<9.0.2303.100
CVE-2023-32712
Unauthenticated Log Injection in Splunk Enterprise
Splunk Splunk>=8.1.0<8.1.14
Splunk Splunk>=8.2.0<8.2.11
Splunk Splunk>=9.0.0<9.0.5
CVE-2023-32714
Path Traversal in Splunk App for Lookup File Editing
Splunk Splunk>=8.1.0<8.1.14
Splunk Splunk>=8.2.0<8.2.11
Splunk Splunk>=9.0.0<9.0.5
Splunk Splunk App For Lookup File Editing<4.0.1
CVE-2023-32717
Role-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results
Splunk Splunk>=8.1.0<8.1.14
Splunk Splunk>=8.2.0<8.2.11
Splunk Splunk>=9.0.0<9.0.5
Splunk Splunk Cloud Platform<9.0.2303.100
CVE-2023-32706
Denial Of Service due to Untrusted XML Tag in XML Parser within SAML Authentication
Splunk Splunk>=8.1.0<8.1.14
Splunk Splunk>=8.2.0<8.2.11
Splunk Splunk>=9.0.0<9.0.5
Splunk Splunk Cloud Platform<9.0.2303.100
CVE-2023-32710
Information Disclosure via the ‘copyresults’ SPL Command
Splunk Splunk>=8.1.0<8.1.14
Splunk Splunk>=8.2.0<8.2.11
Splunk Splunk>=9.0.0<9.0.5
Splunk Splunk Cloud Platform<9.0.2303.100
CVE-2023-32708
HTTP Response Splitting via the ‘rest’ SPL Command
Splunk Splunk>=8.1.0<8.1.14
Splunk Splunk>=8.2.0<8.2.11
Splunk Splunk>=9.0.0<9.0.5
Splunk Splunk Cloud Platform<9.0.2303.100
CVE-2023-32711
Persistent Cross-Site Scripting (XSS) through a URL Validation Bypass within a Dashboard View
Splunk Splunk>=8.1.0<8.1.14
Splunk Splunk>=8.2.0<8.2.11
Splunk Splunk>=9.0.0<9.0.5
CVE-2023-22939
SPL Command Safeguards Bypass via the ‘map’ SPL Command in Splunk Enterprise
Splunk Splunk>=8.1.0<8.1.13
Splunk Splunk>=8.2.0<8.2.10
Splunk Splunk>=9.0.0<9.0.4
Splunk Splunk Cloud Platform<9.0.2209.3
CVE-2023-22938
Permissions Validation Failure in the ‘sendemail’ REST API Endpoint in Splunk Enterprise
Splunk Splunk>=8.1.0<8.1.13
Splunk Splunk>=8.2.0<8.2.10
Splunk Splunk>=9.0.0<9.0.4
Splunk Splunk Cloud Platform<9.0.2209.3
CVE-2023-22937
Unnecessary File Extensions Allowed by Lookup Table Uploads in Splunk Enterprise
Splunk Splunk>=8.1.0<8.1.13
Splunk Splunk>=8.2.0<8.2.10
Splunk Splunk>=9.0.0<9.0.4
Splunk Splunk Cloud Platform<9.0.2209.3
CVE-2023-22933
Persistent Cross-Site Scripting through the ‘module’ Tag in a View in Splunk Enterprise
Splunk Splunk>=8.1.0<8.1.13
Splunk Splunk>=8.2.0<8.2.10
Splunk Splunk>=9.0.0<9.0.4
Splunk Splunk Cloud Platform<9.0.2209
CVE-2023-22942
Cross-Site Request Forgery in the ‘ssg/kvstore_client’ REST Endpoint in Splunk Enterprise
Splunk Splunk>=8.1.0<8.1.13
Splunk Splunk>=8.2.0<8.2.10
Splunk Splunk>=9.0.0<9.0.4
CVE-2023-22932
Persistent Cross-Site Scripting through a Base64-encoded Image in a View in Splunk Enterprise
>=9.0.0<9.0.4
<9.0.2209.3
Splunk Splunk>=9.0.0<9.0.4
Splunk Splunk Cloud Platform<9.0.2209.3
CVE-2023-22936
Authenticated Blind Server Side Request Forgery via the ‘search_listener’ Search Parameter in Splunk Enterprise
Splunk Splunk>=8.1.0<8.1.13
Splunk Splunk>=8.2.0<8.2.10
Splunk Splunk>=9.0.0<9.0.4
Splunk Splunk Cloud Platform<9.0.2209.3
CVE-2023-22941
Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon
Splunk Splunk>=8.1.0<8.1.13
Splunk Splunk>=8.2.0<8.2.10
Splunk Splunk>=9.0.0<9.0.4
Splunk Splunk Cloud Platform<9.0.2209.3
CVE-2023-22931
‘createrss’ External Search Command Overwrites Existing RSS Feeds in Splunk Enterprise
Splunk Splunk>=8.1.0<8.1.13
Splunk Splunk>=8.2.0<8.2.10
Splunk Splunk Cloud Platform<8.2.2203
CVE-2023-22935
SPL Command Safeguards Bypass via the ‘display.page.search.patterns.sensitivity’ Search Parameter in Splunk Enterprise
Splunk Splunk>=8.1.0<8.1.13
Splunk Splunk>=8.2.0<8.2.10
Splunk Splunk>=9.0.0<9.0.4
Splunk Splunk Cloud Platform<9.0.2209.3
CVE-2023-22934
SPL Command Safeguards Bypass via the ‘pivot’ SPL Command in Splunk Enterprise
Splunk Splunk>=8.1.0<8.1.13
Splunk Splunk>=8.2.0<8.2.10
Splunk Splunk>=9.0.0<9.0.4
Splunk Splunk Cloud Platform<9.0.2209.3
CVE-2023-22940
SPL Command Safeguards Bypass via the ‘collect’ SPL Command Aliases in Splunk Enterprise
Splunk Splunk>=8.1.0<8.1.13
Splunk Splunk>=8.2.0<8.2.10
Splunk Splunk>=9.0.0<9.0.4
Splunk Splunk Cloud Platform<9.0.2209.3
CVE-2022-43566
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands https:...
Splunk Splunk>=8.1.0<8.1.12
Splunk Splunk>=8.2.0<8.2.9
Splunk Splunk>=9.0.0<9.0.2
Splunk Splunk Cloud Platform<9.0.2208
CVE-2022-43569
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of ...
Splunk Splunk>=8.1.0<8.1.12
Splunk Splunk>=8.2.0<8.2.9
Splunk Splunk>=9.0.0<9.0.2
Splunk Splunk Cloud Platform<9.0.2209
CVE-2022-43570
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection...
Splunk Splunk>=8.1.0<8.1.12
Splunk Splunk>=8.2.0<8.2.9
Splunk Splunk>=9.0.0<9.0.2
Splunk Splunk Cloud Platform<9.0.2209
CVE-2022-43567
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile ale...
Splunk Splunk>=8.1.0<8.1.12
Splunk Splunk>=8.2.0<8.2.9
Splunk Splunk>=9.0.0<9.0.2
Splunk Splunk Cloud Platform<9.0.2205
CVE-2022-43572
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or...
Splunk Splunk>=8.1.0<8.1.12
Splunk Splunk>=8.2.0<8.2.9
Splunk Splunk>=9.0.0<9.0.2
Splunk Splunk Cloud Platform<9.0.2209
CVE-2022-43565
In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands https://docs....
Splunk Splunk>=8.1.0<8.1.12
Splunk Splunk>=8.2.0<8.2.9
Splunk Splunk Cloud Platform<9.0.2203
CVE-2022-43564
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted ...
Splunk Splunk>=8.1.0<8.1.12
Splunk Splunk>=8.2.0<8.2.9
Splunk Splunk Cloud Platform<9.0.2205
CVE-2022-43562
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attac...
Splunk Splunk>=8.1.0<8.1.12
Splunk Splunk>=8.2.0<8.2.9
Splunk Splunk>=9.0.0<9.0.2
Splunk Splunk Cloud Platform<9.0.2208
CVE-2022-43563
In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Document...
Splunk Splunk>=8.1.0<8.1.12
Splunk Splunk>=8.2.0<8.2.9
Splunk Splunk Cloud Platform<9.0.2203
CVE-2022-43571
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component.
Splunk Splunk>=8.1.0<8.1.12
Splunk Splunk>=8.2.0<8.2.9
Splunk Splunk>=9.0.0<9.0.2
Splunk Splunk Cloud Platform<9.0.2209
CVE-2022-43561
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). The v...
Splunk Splunk>=8.1.0<8.1.12
Splunk Splunk>=8.2.0<8.2.9
Splunk Splunk>=9.0.0<9.0.2
Splunk Splunk Cloud Platform<9.0.2208
CVE-2022-37439
In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts t...
Splunk Splunk>=8.1.0<8.1.11
Splunk Splunk>=8.2.0<8.2.7.1
Splunk Universal Forwarder>=8.1.0<8.1.11
Splunk Universal Forwarder>=8.2.0<8.2.7.1
CVE-2022-37438
In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk use...
Splunk Splunk>=8.1.0<8.1.11
Splunk Splunk>=8.2.0<8.2.7.1
Splunk Splunk=9.0.0
Splunk Splunk Cloud Platform<=8.2.2203.4

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203