splunk
272 tracked vulnerabilities.
CVE-2024-36994
MEDIUM
Splunk Enterprise <9.2.2, <9.1.5, <9.0.10 & Splunk Cloud <9.1.2312.200 - Stored XSS via View/Bulletin
Jul 01, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-36993
MEDIUM
Splunk Enterprise <9.0.10, 9.1.5, <9.2.2 & Splunk Cloud <9.1.2308.207, 9.1.2312.200 - Stored XSS via Bulletin Messages
Jul 01, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-36992
MEDIUM
Splunk Enterprise <9.2.2, <9.1.5, <9.0.10 & Splunk Cloud Platform <9.1.2312.200, <9.1.2308.207 - XSS via Dashboard URL
Jul 01, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-36991
HIGH
NUCLEI
Splunk 9.0.0-9.0.9 - Path Traversal via /modules/messaging/ Endpoint
Jul 01, 2024
CVSS 7.5
EPSS 0.94
CVE-2024-36990
MEDIUM
Splunk Enterprise <9.2.2, <9.1.5, <9.0.10 & Splunk Cloud <9.2.2403.100 - Authenticated DoS via Datamodel/Web REST
Jul 01, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-36989
HIGH
Splunk Enterprise <9.2.2, <9.1.5, <9.0.10 & Splunk Cloud <9.1.2312.200 - Bulletin Message Injection
Jul 01, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-36987
MEDIUM
Splunk Enterprise < 9.2.2, < 9.1.5, < 9.0.10 & Splunk Cloud < 9.1.2312.200 - Authenticated File Upload
Jul 01, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-36986
MEDIUM
Splunk Cloud < 9.1.2308.207 - Information Disclosure
Jul 01, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-36985
HIGH
Authenticated RCE in Splunk (splunk_archiver app)
Jul 01, 2024
CVSS 8.8
EPSS 0.45
CVE-2024-36984
HIGH
Splunk 9.0.0-9.0.10 - Authenticated Remote Code Execution via Untrusted Data Deserialization
Jul 01, 2024
CVSS 8.8
EPSS 0.03
CVE-2024-36983
HIGH
Splunk < 9.0.10 - Command Injection
Jul 01, 2024
CVSS 8.0
EPSS 0.02
CVE-2024-36982
HIGH
Splunk Cloud < 9.1.2308.207 - NULL Pointer Dereference
Jul 01, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-29946
HIGH
Splunk Enterprise <9.2.1, 9.1.4, 9.0.9 - Info Disclosure
Mar 27, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-29945
HIGH
Splunk Enterprise <9.2.1-9.0.9 - Info Disclosure
Mar 27, 2024
CVSS 7.2
EPSS 0.00
CVE-2024-23678
HIGH
Splunk Enterprise for Windows 9.0.0-9.0.8 - Unsafe Deserialization via Path Input
Jan 22, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-23677
MEDIUM
Splunk Cloud < 9.0.2208 and Splunk Enterprise 9.0.0-9.0.8 - Sensitive Information Disclosure in RapidDiag Log File
Jan 22, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-23676
MEDIUM
Splunk Cloud < 9.1.2308.200 and Splunk 9.0.0-9.0.8 - Unauthorized Metrics Access via mrollup SPL Command
Jan 22, 2024
CVSS 4.6
EPSS 0.00
CVE-2024-23675
MEDIUM
Splunk Cloud < 9.1.2312.100 and Splunk Enterprise 9.0.0-9.0.8 - Improper Access Control in KV Store REST API
Jan 22, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-22165
MEDIUM
Splunk Enterprise Security < 7.1.2 - Authenticated Denial of Service via Malformed Investigation
Jan 09, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-22164
MEDIUM
Splunk Enterprise Security < 7.1.2 - Denial of Service via Investigation Attachment Endpoint
Jan 09, 2024
CVSS 4.3
EPSS 0.00
CVE-2023-46231
MEDIUM
Splunk Add-on Builder <4.1.4 - Info Disclosure
Jan 30, 2024
CVSS 6.8
EPSS 0.00
CVE-2023-46230
HIGH
Splunk Add-on Builder <4.1.4 - Info Disclosure
Jan 30, 2024
CVSS 8.2
EPSS 0.00
CVE-2023-46214
HIGH
Splunk Enterprise <9.0.7-9.1.2 - RCE
Nov 16, 2023
CVSS 8.0
EPSS 0.88
CVE-2023-46213
MEDIUM
Splunk Enterprise <9.0.7-9.1.2 - Code Injection
Nov 16, 2023
CVSS 4.8
EPSS 0.00
CVE-2023-4571
HIGH
Splunk IT Service Intelligence <4.13.3, 4.15.3, 4.17.1 - Code Injec...
Aug 30, 2023
CVSS 8.6
EPSS 0.00
Products
splunk 192
splunk_cloud_platform 98
universal_forwarder 61
cloud 9
Splunk Enterprise 7
Splunk Cloud Platform 5
splunk_secure_gateway 4
add-on_builder 3
splunk_app_for_lookup_file_editing 3
Splunk MCP Server 2
Splunk Secure Gateway 2
enterprise_security 2
Splunk AI Toolkit 1
Splunk Add-on for Palo Alto Networks 1
Splunk App for SOAR 1
Splunk Supporting Add-on for Active Directory 1
cloudconnect_software_development_kit 1
hadoop_connect 1
it_service_intelligence 1
nozzle 1
soar 1
software_development_kit 1
splunk_app_for_stream 1