splunk

272 tracked vulnerabilities.

CVE-2018-7432 HIGH
Splunk < 6.6.0 - Improper Input Validation
Oct 23, 2018
CVSS 7.5
EPSS 0.01
CVE-2018-7431 MEDIUM
Splunk Enterprise 6.0.0-6.5.2 & Light <6.6.0 Authenticated Path Traversal
Oct 23, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-7429 HIGH
Splunk Enterprise 6.2.0-6.2.13, 6.3.0-6.3.10, 6.4.0-6.4.7 & Light <6.5.0 DoS via Malformed HTTP Request
Oct 23, 2018
CVSS 7.5
EPSS 0.01
CVE-2018-7427 MEDIUM
Splunk Enterprise 6.0.0-6.5.2 & Splunk Light <6.6.0 XSS
Oct 23, 2018
CVSS 6.1
EPSS 0.00
CVE-2018-11409 MEDIUM NUCLEI
Splunk < 7.0.1 - Unauthenticated Information Disclosure via Server Info Endpoint
Jun 08, 2018
CVSS 5.3
EPSS 0.92
CVE-2017-18348 HIGH
Splunk 6.6.0-6.6.10 - Privilege Escalation via splunk-launch.conf Modification
Oct 19, 2018
CVSS 7.0
EPSS 0.00
CVE-2017-17067 CRITICAL
Splunk 6.3.0-6.3.11 - Incorrect Authorization via SAML Authentication Bypass
Nov 30, 2017
CVSS 9.8
EPSS 0.03
CVE-2017-12572 MEDIUM
Splunk Enterprise 6.3.x-6.5.x and Splunk Light < 6.5.2 - Authenticated Persistent Cross-Site Scripting
Aug 05, 2017
CVSS 4.8
EPSS 0.00
CVE-2017-5607 LOW
Splunk Enterprise <6.5.1 & Splunk Light <6.5.2 - Sensitive Info Exposure via Global Window Namespace
Apr 10, 2017
CVSS 3.5
EPSS 0.09
CVE-2017-7565 HIGH
Splunk Hadoop Connect App - Path Traversal
Apr 06, 2017
CVSS 8.8
EPSS 0.03
CVE-2017-5880 MEDIUM
Splunk Enterprise 5.0.x-6.5.x and Splunk Light < 6.5.2 - Authenticated Denial of Service via Crafted GET Request
Feb 04, 2017
CVSS 6.5
EPSS 0.01
CVE-2016-4859 MEDIUM
Splunk < 6.4.2 - Open Redirect
May 12, 2017
CVSS 6.1
EPSS 0.00
CVE-2016-4858 MEDIUM
Splunk Enterprise < 6.4.2 - Cross-Site Scripting
May 12, 2017
CVSS 4.8
EPSS 0.00
CVE-2016-4857 MEDIUM
Splunk Enterprise 6.2.x-6.4.x and Splunk Light < 6.4.2 - Open Redirect
May 12, 2017
CVSS 6.1
EPSS 0.00
CVE-2016-4856 MEDIUM
Splunk Enterprise 6.3.x < 6.3.5 and Splunk Light 6.3.x < 6.3.5 - Authenticated Cross-Site Scripting
May 12, 2017
CVSS 4.8
EPSS 0.00
CVE-2016-10126 CRITICAL
Splunk Enterprise 5.0.x-6.4.x - HTTP Request Injection and Authentication Token Exposure
Jan 10, 2017
CVSS 9.8
EPSS 0.01
CVE-2015-7604
Splunk Enterprise 6.2.x < 6.2.6 and Splunk Light 6.2.x < 6.2.6 - Cross-Site Scripting
Sep 29, 2015
EPSS 0.00
CVE-2015-6515
Splunk Enterprise 5.0.x-6.2.x and Splunk Light 6.2.x - Cross-Site Scripting via Header
Aug 18, 2015
EPSS 0.00
CVE-2015-6514
Splunk Enterprise 6.2.x < 6.2.4 and Splunk Light 6.2.x < 6.2.4 - Authenticated Cross-Site Scripting
Aug 18, 2015
EPSS 0.00
CVE-2014-5466
Splunk Enterprise 6.1.x < 6.1.4, 6.0.x < 6.0.7, 5.0.x < 5.0.10 - Cross-Site Scripting in Dashboard
Dec 16, 2014
EPSS 0.00
CVE-2014-8380
Splunk 6.1.1 - Cross-Site Scripting via HTTP Referer Header
Oct 21, 2014
EPSS 0.03
CVE-2014-8303
Splunk Enterprise 6.0.x-6.1.x - Cross-Site Scripting via Event Parsing
Oct 16, 2014
EPSS 0.00
CVE-2014-8302
Splunk Enterprise 5.0.x-6.1.x - Cross-Site Scripting via Dashboard
Oct 16, 2014
EPSS 0.00
CVE-2014-8301
Splunk Enterprise 5.0.x - Cross-Site Scripting via HTTP Referer Header
Oct 16, 2014
EPSS 0.00
CVE-2014-3147
Splunk < 6.0.4 - Authenticated Cross-Site Scripting via Auto-Complete Feature
Oct 10, 2014
EPSS 0.00
Products
splunk 192 splunk_cloud_platform 98 universal_forwarder 61 cloud 9 Splunk Enterprise 7 Splunk Cloud Platform 5 splunk_secure_gateway 4 add-on_builder 3 splunk_app_for_lookup_file_editing 3 Splunk MCP Server 2 Splunk Secure Gateway 2 enterprise_security 2 Splunk AI Toolkit 1 Splunk Add-on for Palo Alto Networks 1 Splunk App for SOAR 1 Splunk Supporting Add-on for Active Directory 1 cloudconnect_software_development_kit 1 hadoop_connect 1 it_service_intelligence 1 nozzle 1 soar 1 software_development_kit 1 splunk_app_for_stream 1
Quick Filters
Critical CVEs With Exploits In CISA KEV