Latest vulnerabilities for "splunk splunk cloud platform"

5.4

First published (updated )

CVE-2024-36993

Splunk SplunkLow-privileged user could create experimental items

5.4

First published (updated )

CVE-2024-36995

Splunk SplunkDenial of Service (DoS) on the datamodel/web REST endpoint

6.5

First published (updated )

CVE-2024-36990

Splunk SplunkPersistent Cross-site Scripting (XSS) in Dashboard Elements

5.4

First published (updated )

CVE-2024-36992

Splunk SplunkInformation Disclosure of user names

5.3

First published (updated )

CVE-2024-36996

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Splunk SplunkPersistent Cross-site Scripting (XSS) in Dashboard Elements

5.4

First published (updated )

CVE-2024-36994

Splunk SplunkAbsolute Path Traversal in Splunk Enterprise Using runshellscript.py

8.8

First published (updated )

CVE-2023-40597

Splunk SplunkDenial of Service (DoS) in Splunk Enterprise Using a Malformed SAML Request

7.5

First published (updated )

CVE-2023-40593

Splunk SplunkDenial of Service (DoS) via the ‘printf’ Search Function

7.5

First published (updated )

CVE-2023-40594

Splunk SplunkReflected Cross-site Scripting (XSS) on "/app/search/table" web endpoint

8.4

First published (updated )

CVE-2023-40592

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Splunk SplunkRemote Code Execution via Serialized Session Payload

critical

9.8

First published (updated )

CVE-2023-40595

Splunk SplunkCommand Injection in Splunk Enterprise Using External Lookups

8.8

First published (updated )

CVE-2023-40598

Splunk SplunkLow-privileged User can View Hashed Default Splunk Password

4.3

First published (updated )

CVE-2023-32709

Splunk Splunk‘edit_user’ Capability Privilege Escalation

8.8

Exploited

First published (updated )

CVE-2023-32707

Splunk SplunkDenial of Service via the 'dump' SPL command

6.5

First published (updated )

CVE-2023-32716

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Splunk SplunkRole-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results

4.3

First published (updated )

CVE-2023-32717

Splunk SplunkDenial Of Service due to Untrusted XML Tag in XML Parser within SAML Authentication

7.7

First published (updated )

CVE-2023-32706

Splunk SplunkInformation Disclosure via the ‘copyresults’ SPL Command

5.3

First published (updated )

CVE-2023-32710

Splunk SplunkHTTP Response Splitting via the ‘rest’ SPL Command

8.8

First published (updated )

CVE-2023-32708

Splunk SplunkSPL Command Safeguards Bypass via the ‘map’ SPL Command in Splunk Enterprise

8.8

First published (updated )

CVE-2023-22939

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Splunk SplunkPermissions Validation Failure in the ‘sendemail’ REST API Endpoint in Splunk Enterprise

4.3

First published (updated )

CVE-2023-22938

Splunk SplunkUnnecessary File Extensions Allowed by Lookup Table Uploads in Splunk Enterprise

4.3

First published (updated )

CVE-2023-22937

Splunk SplunkPersistent Cross-Site Scripting through the ‘module’ Tag in a View in Splunk Enterprise

8

First published (updated )

CVE-2023-22933

Splunk SplunkPersistent Cross-Site Scripting through a Base64-encoded Image in a View in Splunk Enterprise

8.7

First published (updated )

CVE-2023-22932

Splunk SplunkAuthenticated Blind Server Side Request Forgery via the ‘search_listener’ Search Parameter in Splunk Enterprise

6.3

First published (updated )

CVE-2023-22936

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Splunk SplunkImproperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon

7.5

First published (updated )

CVE-2023-22941

Splunk Splunk‘createrss’ External Search Command Overwrites Existing RSS Feeds in Splunk Enterprise

4.3

First published (updated )

CVE-2023-22931

Splunk SplunkSPL Command Safeguards Bypass via the ‘display.page.search.patterns.sensitivity’ Search Parameter in Splunk Enterprise

8.8

First published (updated )

CVE-2023-22935

Splunk SplunkSPL Command Safeguards Bypass via the ‘pivot’ SPL Command in Splunk Enterprise

8

First published (updated )

CVE-2023-22934

Splunk SplunkSPL Command Safeguards Bypass via the ‘collect’ SPL Command Aliases in Splunk Enterprise

6.3

First published (updated )

CVE-2023-22940

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Splunk SplunkIndexing blockage via malformed data sent through S2S or HEC protocols in Splunk Enterprise

7.5

First published (updated )

CVE-2022-43572

Splunk SplunkXML External Entity Injection through a custom View in Splunk Enterprise

8.8

First published (updated )

CVE-2022-43570

Splunk SplunkPersistent Cross-Site Scripting via a Data Model object name in Splunk Enterprise

8

First published (updated )

CVE-2022-43569

Splunk SplunkReflected Cross-Site Scripting via the radio template in Splunk Enterprise

8.8

First published (updated )

CVE-2022-43568

Splunk SplunkRemote Code Execution via the Splunk Secure Gateway application Mobile Alerts feature

8.8

First published (updated )

CVE-2022-43567

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Splunk SplunkRisky command safeguards bypass via Search ID query in Analytics Workspace in Splunk Enterprise

8

First published (updated )

CVE-2022-43566

Splunk SplunkRisky command safeguards bypass via ‘tstats command JSON in Splunk Enterprise

8.8

First published (updated )

CVE-2022-43565

Splunk SplunkDenial of Service in Splunk Enterprise through search macros

6.5

First published (updated )

CVE-2022-43564

Splunk SplunkRisky command safeguards bypass via rex search command field names in Splunk Enterprise

8.8

First published (updated )

CVE-2022-43563

Splunk SplunkHost Header Injection in Splunk Enterprise

5.4

First published (updated )

CVE-2022-43562

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Splunk SplunkRemote Code Execution through dashboard PDF generation component in Splunk Enterprise

8.8

First published (updated )

CVE-2022-43571

Splunk SplunkPersistent Cross-Site Scripting in “Save Table” Dialog in Splunk Enterprise

6.4

First published (updated )

CVE-2022-43561

Splunk SplunkInformation disclosure via the dashboard drilldown in Splunk Enterprise

low

3.5

First published (updated )

CVE-2022-37438

Splunk SplunkUniversal Forwarder management services allows remote login by default

7.5

First published (updated )

CVE-2022-32155

Splunk SplunkRisky commands warnings in Splunk Enterprise Dashboards

8.1

First published (updated )

CVE-2022-32154

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Splunk SplunkSplunk Enterprise lacked TLS host name validation

8.1

First published (updated )

CVE-2022-32153

Splunk SplunkSplunk Enterprise lacked TLS cert validation for Splunk-to-Splunk communication by default