Filters
Splunk SplunkLow-privileged User can View Hashed Default Splunk Password
4.3
First published (updated )
Splunk Splunk‘edit_user’ Capability Privilege Escalation
First published (updated )
Splunk SplunkUnauthenticated Log Injection in Splunk Enterprise
8.6
First published (updated )
Splunk SplunkPath Traversal in Splunk App for Lookup File Editing
8.1
First published (updated )
Splunk SplunkDenial of Service via the 'dump' SPL command
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Splunk SplunkRole-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results
4.3
First published (updated )
Splunk SplunkDenial Of Service due to Untrusted XML Tag in XML Parser within SAML Authentication
7.7
First published (updated )
Splunk SplunkInformation Disclosure via the ‘copyresults’ SPL Command
5.3
First published (updated )
Splunk SplunkPersistent Cross-Site Scripting (XSS) through a URL Validation Bypass within a Dashboard View
5.4
First published (updated )
Splunk SplunkHTTP Response Splitting via the ‘rest’ SPL Command
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Splunk SplunkSPL Command Safeguards Bypass via the ‘map’ SPL Command in Splunk Enterprise
8.8
First published (updated )
Splunk SplunkPermissions Validation Failure in the ‘sendemail’ REST API Endpoint in Splunk Enterprise
4.3
First published (updated )
Splunk SplunkUnnecessary File Extensions Allowed by Lookup Table Uploads in Splunk Enterprise
4.3
First published (updated )
Splunk SplunkPersistent Cross-Site Scripting through the ‘module’ Tag in a View in Splunk Enterprise
8
First published (updated )
Splunk SplunkCross-Site Request Forgery in the ‘ssg/kvstore_client’ REST Endpoint in Splunk Enterprise
5.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Splunk SplunkAuthenticated Blind Server Side Request Forgery via the ‘search_listener’ Search Parameter in Splunk Enterprise
6.3
First published (updated )
Splunk SplunkImproperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon
7.5
First published (updated )
Splunk Splunk‘createrss’ External Search Command Overwrites Existing RSS Feeds in Splunk Enterprise
4.3
First published (updated )
Splunk SplunkSPL Command Safeguards Bypass via the ‘display.page.search.patterns.sensitivity’ Search Parameter in Splunk Enterprise
8.8
First published (updated )
Splunk SplunkSPL Command Safeguards Bypass via the ‘pivot’ SPL Command in Splunk Enterprise
8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Splunk SplunkSPL Command Safeguards Bypass via the ‘collect’ SPL Command Aliases in Splunk Enterprise
6.3
First published (updated )
Splunk SplunkIndexing blockage via malformed data sent through S2S or HEC protocols in Splunk Enterprise
7.5
First published (updated )
Splunk SplunkXML External Entity Injection through a custom View in Splunk Enterprise
8.8
First published (updated )
Splunk SplunkPersistent Cross-Site Scripting via a Data Model object name in Splunk Enterprise
8
First published (updated )
Splunk SplunkReflected Cross-Site Scripting via the radio template in Splunk Enterprise
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Splunk SplunkRemote Code Execution via the Splunk Secure Gateway application Mobile Alerts feature
8.8
First published (updated )
Splunk SplunkRisky command safeguards bypass via Search ID query in Analytics Workspace in Splunk Enterprise
8
First published (updated )
Splunk SplunkRisky command safeguards bypass via ‘tstats command JSON in Splunk Enterprise
8.8
First published (updated )
Splunk SplunkDenial of Service in Splunk Enterprise through search macros
6.5
First published (updated )
Splunk SplunkRisky command safeguards bypass via rex search command field names in Splunk Enterprise
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Splunk SplunkHost Header Injection in Splunk Enterprise
5.4
First published (updated )
Splunk SplunkRemote Code Execution through dashboard PDF generation component in Splunk Enterprise
8.8
First published (updated )
Splunk SplunkPersistent Cross-Site Scripting in “Save Table” Dialog in Splunk Enterprise
6.4
First published (updated )
Splunk SplunkInformation disclosure via the dashboard drilldown in Splunk Enterprise
3.5
First published (updated )
Splunk SplunkMalformed ZIP file crashes Universal Forwarders and Splunk Enterprise through file monitoring input
5.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Splunk SplunkReflected XSS in a query parameter of the Monitoring Console
8.8
First published (updated )
Splunk SplunkPath Traversal in search parameter results in external content injection
8.8
First published (updated )
Splunk SplunkUsername enumeration through lockout message in REST API
5.3
First published (updated )
Splunk SplunkBypass of Splunk Enterprise's implementation of DUO MFA
8.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.