splunk

272 tracked vulnerabilities.

CVE-2025-20229 HIGH
Splunk <9.3.3, 9.2.5, 9.1.8 - Cloud & Enterprise - RCE
Mar 26, 2025
CVSS 8.0
EPSS 0.11
CVE-2025-20228 MEDIUM
Splunk <9.3.3, <9.2.5, <9.1.8 - CSRF
Mar 26, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-20227 MEDIUM
Splunk <9.4.1, <9.3.3, <9.2.5, <9.1.8 - Info Disclosure
Mar 26, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-20226 MEDIUM
Splunk <9.4.1, 9.3.3, 9.2.5, 9.1.8 - Privilege Escalation
Mar 26, 2025
CVSS 5.7
EPSS 0.00
CVE-2025-0367 MEDIUM
Splunk SA-ldapsearch <3.1.0 - ReDoS
Jan 30, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-22621 MEDIUM
Splunk App SOAR <1.0.67 - Privilege Escalation
Jan 07, 2025
CVSS 6.4
EPSS 0.00
CVE-2024-53247 HIGH
Splunk Enterprise <9.3.2, 9.2.4, 9.1.7 - RCE
Dec 10, 2024
CVSS 8.8
EPSS 0.04
CVE-2024-53246 MEDIUM
Splunk Enterprise <9.3.2, <9.2.4, <9.1.7 & Splunk Cloud <9.3.2408.101 - Sensitive Info Disclosure via SPL
Dec 10, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-53245 LOW
Splunk Enterprise <9.1.7, 9.2.4, 9.3.0 & Splunk Cloud <9.1.2312.206 - Unauthorized Dashboard Info Exposure
Dec 10, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-53244 MEDIUM
Splunk < 9.1.7 - Information Disclosure
Dec 10, 2024
CVSS 5.7
EPSS 0.00
CVE-2024-53243 MEDIUM
Splunk Enterprise <9.3.2, 9.2.4, 9.1.7 - Info Disclosure
Dec 10, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-45741 MEDIUM
Splunk 9.1.0-9.1.5 and 9.1.2312-9.1.2312.204 - Stored Cross-Site Scripting via Custom Configuration File
Oct 14, 2024
CVSS 5.4
EPSS 0.05
CVE-2024-45740 MEDIUM
Splunk Enterprise < 9.2.3, 9.1.0-9.1.6 & Splunk Cloud Platform < 9.2.2403 - Stored XSS via Scheduled Views
Oct 14, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-45739 MEDIUM
Splunk < 9.3.1, < 9.2.3, < 9.1.6 - Plaintext Password Exposure in AdminManager Debug Log
Oct 14, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-45738 MEDIUM
Splunk 9.1.0-9.1.5 - Sensitive Information Exposure via REST_Calls Log Channel
Oct 14, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-45737 MEDIUM
Splunk < 9.1.6 - CSRF
Oct 14, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-45736 MEDIUM
Splunk Enterprise < 9.3.1, < 9.2.3, < 9.1.6 and Splunk Cloud Platform < 9.2.2403.107 - DoS via INGEST_EVAL
Oct 14, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-45735 MEDIUM
Splunk Enterprise < 9.1.6 and 9.2.0-9.2.2 - Unauthorized App Key Value Store Access
Oct 14, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-45734 MEDIUM
Splunk 9.1.0-9.1.6 - Unauthorized File Read via PDF Export Dashboard Image Path
Oct 14, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-45733 HIGH
Splunk 9.1.0-9.1.6 - Remote Code Execution via Insecure Session Storage
Oct 14, 2024
CVSS 8.8
EPSS 0.04
CVE-2024-45732 HIGH
Splunk Enterprise < 9.3.1, 9.2.0-9.2.3 & Splunk Cloud Platform < 9.2.2403.103 - Missing Authorization
Oct 14, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-45731 HIGH
Splunk Enterprise for Windows < 9.3.1, < 9.2.3, < 9.1.6 - Path Traversal and Arbitrary File Write
Oct 14, 2024
CVSS 8.0
EPSS 0.01
CVE-2024-36997 HIGH
Splunk < 9.0.10, 9.1.5-9.1.2312, < 9.2.2 - Authenticated Stored Cross-Site Scripting via conf-web/settings REST Endpoint
Jul 01, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-36996 MEDIUM
Splunk Enterprise <9.2.2, <9.1.5, <9.0.10 & Splunk Cloud <9.1.2312.109 - User Enumeration via SAML
Jul 01, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-36995 MEDIUM
Splunk Enterprise <9.2.2, <9.1.5, <9.0.10 & Splunk Cloud Platform <9.1.2312.200, <9.1.2308.207 - Missing Authorization
Jul 01, 2024
CVSS 5.4
EPSS 0.00