Filters
Versions
Splunk SplunkMaintenance mode state change of App Key Value Store (KVStore) through Cross-Site Request Forgery (CSRF)
4.3
First published (updated )
Splunk Splunk Cloud PlatformLow-privileged user could run search as nobody in SplunkDeploymentServerConfig app
7.1
First published (updated )
Splunk SplunkImproperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon
6.5
First published (updated )
Splunk SplunkPersistent Cross-Site Scripting (XSS) via props.conf on Splunk Enterprise
5.4
First published (updated )
Splunk SplunkPersistent Cross-Site Scripting (XSS) through Scheduled Views on Splunk Enterprise
5.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Splunk SplunkImproper Access Control for low-privileged user in Splunk Secure Gateway App
4.3
First published (updated )
Splunk SplunkPersistent Cross-site Scripting (XSS) in Web Bulletin
5.4
First published (updated )
Splunk SplunkLow-privileged user could create experimental items
5.4
First published (updated )
Splunk SplunkDenial of Service (DoS) on the datamodel/web REST endpoint
6.5
First published (updated )
Splunk SplunkPersistent Cross-site Scripting (XSS) in Dashboard Elements
5.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Splunk SplunkPersistent Cross-site Scripting (XSS) in Dashboard Elements
5.4
First published (updated )
Splunk SplunkAbsolute Path Traversal in Splunk Enterprise Using runshellscript.py
8.8
First published (updated )
Splunk SplunkDenial of Service (DoS) in Splunk Enterprise Using a Malformed SAML Request
7.5
First published (updated )
Splunk SplunkDenial of Service (DoS) via the ‘printf’ Search Function
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Splunk SplunkReflected Cross-site Scripting (XSS) on "/app/search/table" web endpoint
8.4
First published (updated )
Splunk SplunkRemote Code Execution via Serialized Session Payload
9.8
First published (updated )
Splunk SplunkCommand Injection in Splunk Enterprise Using External Lookups
8.8
First published (updated )
Splunk SplunkLow-privileged User can View Hashed Default Splunk Password
4.3
First published (updated )
Splunk Splunk‘edit_user’ Capability Privilege Escalation
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Splunk SplunkDenial of Service via the 'dump' SPL command
6.5
First published (updated )
Splunk SplunkRole-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results
4.3
First published (updated )
Splunk SplunkDenial Of Service due to Untrusted XML Tag in XML Parser within SAML Authentication
7.7
First published (updated )
Splunk SplunkInformation Disclosure via the ‘copyresults’ SPL Command
5.3
First published (updated )
Splunk SplunkHTTP Response Splitting via the ‘rest’ SPL Command
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Splunk SplunkSPL Command Safeguards Bypass via the ‘map’ SPL Command in Splunk Enterprise
8.8
First published (updated )
Splunk SplunkPermissions Validation Failure in the ‘sendemail’ REST API Endpoint in Splunk Enterprise
4.3
First published (updated )
Splunk SplunkUnnecessary File Extensions Allowed by Lookup Table Uploads in Splunk Enterprise
4.3
First published (updated )
Splunk SplunkPersistent Cross-Site Scripting through the ‘module’ Tag in a View in Splunk Enterprise
8
First published (updated )
Splunk SplunkPersistent Cross-Site Scripting through a Base64-encoded Image in a View in Splunk Enterprise
8.7
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Splunk SplunkAuthenticated Blind Server Side Request Forgery via the ‘search_listener’ Search Parameter in Splunk Enterprise
6.3
First published (updated )
Splunk SplunkImproperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon
7.5
First published (updated )
Splunk Splunk‘createrss’ External Search Command Overwrites Existing RSS Feeds in Splunk Enterprise
4.3
First published (updated )
Splunk SplunkSPL Command Safeguards Bypass via the ‘display.page.search.patterns.sensitivity’ Search Parameter in Splunk Enterprise
8.8
First published (updated )
Splunk SplunkSPL Command Safeguards Bypass via the ‘pivot’ SPL Command in Splunk Enterprise
8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Splunk SplunkSPL Command Safeguards Bypass via the ‘collect’ SPL Command Aliases in Splunk Enterprise
6.3
First published (updated )
Splunk SplunkIndexing blockage via malformed data sent through S2S or HEC protocols in Splunk Enterprise
7.5
First published (updated )
Splunk SplunkXML External Entity Injection through a custom View in Splunk Enterprise
8.8
First published (updated )
Splunk SplunkPersistent Cross-Site Scripting via a Data Model object name in Splunk Enterprise
8
First published (updated )
Splunk SplunkReflected Cross-Site Scripting via the radio template in Splunk Enterprise
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Splunk SplunkRemote Code Execution via the Splunk Secure Gateway application Mobile Alerts feature
8.8
First published (updated )
Splunk SplunkRisky command safeguards bypass via Search ID query in Analytics Workspace in Splunk Enterprise
8
First published (updated )
Splunk SplunkRisky command safeguards bypass via ‘tstats command JSON in Splunk Enterprise
8.8
First published (updated )
Splunk SplunkDenial of Service in Splunk Enterprise through search macros
6.5
First published (updated )
Splunk SplunkRisky command safeguards bypass via rex search command field names in Splunk Enterprise
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Splunk SplunkHost Header Injection in Splunk Enterprise
5.4
First published (updated )
Splunk SplunkRemote Code Execution through dashboard PDF generation component in Splunk Enterprise
8.8
First published (updated )
Splunk SplunkPersistent Cross-Site Scripting in “Save Table” Dialog in Splunk Enterprise
6.4
First published (updated )
Splunk SplunkInformation disclosure via the dashboard drilldown in Splunk Enterprise
3.5
First published (updated )
Splunk SplunkUniversal Forwarder management services allows remote login by default
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.