splunk
284 tracked vulnerabilities.
CVE-2024-45739
MEDIUM
Splunk < 9.3.1, < 9.2.3, < 9.1.6 - Plaintext Password Exposure in AdminManager Debug Log
Oct 14, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-45738
MEDIUM
Splunk 9.1.0-9.1.5 - Sensitive Information Exposure via REST_Calls Log Channel
Oct 14, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-45737
MEDIUM
Splunk < 9.1.6 - CSRF
Oct 14, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-45736
MEDIUM
Splunk Enterprise < 9.3.1, < 9.2.3, < 9.1.6 and Splunk Cloud Platform < 9.2.2403.107 - DoS via INGEST_EVAL
Oct 14, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-45735
MEDIUM
Splunk Enterprise < 9.1.6 and 9.2.0-9.2.2 - Unauthorized App Key Value Store Access
Oct 14, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-45734
MEDIUM
Splunk 9.1.0-9.1.6 - Unauthorized File Read via PDF Export Dashboard Image Path
Oct 14, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-45733
HIGH
Splunk 9.1.0-9.1.6 - Remote Code Execution via Insecure Session Storage
Oct 14, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-45732
HIGH
Splunk Enterprise < 9.3.1, 9.2.0-9.2.3 & Splunk Cloud Platform < 9.2.2403.103 - Missing Authorization
Oct 14, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-45731
HIGH
Splunk Enterprise for Windows < 9.3.1, < 9.2.3, < 9.1.6 - Path Traversal and Arbitrary File Write
Oct 14, 2024
CVSS 8.0
EPSS 0.01
CVE-2024-36997
HIGH
Splunk < 9.0.10, 9.1.5-9.1.2312, < 9.2.2 - Authenticated Stored Cross-Site Scripting via conf-web/settings REST Endpoint
Jul 01, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-36996
MEDIUM
Splunk Enterprise <9.2.2, <9.1.5, <9.0.10 & Splunk Cloud <9.1.2312.109 User Enumeration via SAML
Jul 01, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-36995
MEDIUM
Splunk Enterprise <9.2.2, <9.1.5, <9.0.10 & Splunk Cloud Platform <9.1.2312.200, <9.1.2308.207 Missing Authorization
Jul 01, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-36994
MEDIUM
Splunk Enterprise <9.2.2, <9.1.5, <9.0.10 & Splunk Cloud <9.1.2312.200 - Stored XSS via View/Bulletin
Jul 01, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-36993
MEDIUM
Splunk Enterprise <9.0.10, 9.1.5, <9.2.2 & Splunk Cloud <9.1.2308.207, 9.1.2312.200 - Stored XSS via Bulletin Messages
Jul 01, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-36992
MEDIUM
Splunk Enterprise <9.2.2, <9.1.5, <9.0.10 & Splunk Cloud Platform <9.1.2312.200, <9.1.2308.207 - XSS via Dashboard URL
Jul 01, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-36991
HIGH
NUCLEI
Splunk 9.0.0-9.0.9 - Path Traversal via /modules/messaging/ Endpoint
Jul 01, 2024
CVSS 7.5
EPSS 0.13
CVE-2024-36990
MEDIUM
Splunk Enterprise <9.2.2, <9.1.5, <9.0.10 & Splunk Cloud <9.2.2403.100 - Authenticated DoS via Datamodel/Web REST
Jul 01, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-36989
HIGH
Splunk Enterprise <9.2.2, <9.1.5, <9.0.10 & Splunk Cloud <9.1.2312.200 - Bulletin Message Injection
Jul 01, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-36987
MEDIUM
Splunk Enterprise < 9.2.2, < 9.1.5, < 9.0.10 & Splunk Cloud < 9.1.2312.200 - Authenticated File Upload
Jul 01, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-36986
MEDIUM
Splunk Cloud < 9.1.2308.207 - Information Disclosure
Jul 01, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-36985
HIGH
Authenticated RCE in Splunk (splunk_archiver app)
Jul 01, 2024
CVSS 8.8
EPSS 0.07
CVE-2024-36984
HIGH
Splunk 9.0.0-9.0.10 - Authenticated Remote Code Execution via Untrusted Data Deserialization
Jul 01, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-36983
HIGH
Splunk < 9.0.10 - Command Injection
Jul 01, 2024
CVSS 8.0
EPSS 0.01
CVE-2024-36982
HIGH
Splunk Cloud < 9.1.2308.207 - NULL Pointer Dereference
Jul 01, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-29946
HIGH
Splunk Enterprise <9.2.1, 9.1.4, 9.0.9 - Info Disclosure
Mar 27, 2024
CVSS 8.1
EPSS 0.01
Products
splunk 201
splunk_cloud_platform 106
universal_forwarder 61
Splunk Enterprise 16
Splunk Cloud Platform 14
cloud 9
splunk_secure_gateway 5
Splunk AI Toolkit 3
Splunk Secure Gateway 3
add-on_builder 3
ai_toolkit 3
splunk_app_for_lookup_file_editing 3
Splunk MCP Server 2
enterprise_security 2
Splunk Add-on for Palo Alto Networks 1
Splunk App for SOAR 1
Splunk SOAR 1
Splunk Supporting Add-on for Active Directory 1
cloudconnect_software_development_kit 1
hadoop_connect 1
it_service_intelligence 1
nozzle 1
soar 1
software_development_kit 1
splunk_app_for_stream 1
Quick Filters