splunk

284 tracked vulnerabilities.

CVE-2024-45739 MEDIUM
Splunk < 9.3.1, < 9.2.3, < 9.1.6 - Plaintext Password Exposure in AdminManager Debug Log
Oct 14, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-45738 MEDIUM
Splunk 9.1.0-9.1.5 - Sensitive Information Exposure via REST_Calls Log Channel
Oct 14, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-45737 MEDIUM
Splunk < 9.1.6 - CSRF
Oct 14, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-45736 MEDIUM
Splunk Enterprise < 9.3.1, < 9.2.3, < 9.1.6 and Splunk Cloud Platform < 9.2.2403.107 - DoS via INGEST_EVAL
Oct 14, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-45735 MEDIUM
Splunk Enterprise < 9.1.6 and 9.2.0-9.2.2 - Unauthorized App Key Value Store Access
Oct 14, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-45734 MEDIUM
Splunk 9.1.0-9.1.6 - Unauthorized File Read via PDF Export Dashboard Image Path
Oct 14, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-45733 HIGH
Splunk 9.1.0-9.1.6 - Remote Code Execution via Insecure Session Storage
Oct 14, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-45732 HIGH
Splunk Enterprise < 9.3.1, 9.2.0-9.2.3 & Splunk Cloud Platform < 9.2.2403.103 - Missing Authorization
Oct 14, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-45731 HIGH
Splunk Enterprise for Windows < 9.3.1, < 9.2.3, < 9.1.6 - Path Traversal and Arbitrary File Write
Oct 14, 2024
CVSS 8.0
EPSS 0.01
CVE-2024-36997 HIGH
Splunk < 9.0.10, 9.1.5-9.1.2312, < 9.2.2 - Authenticated Stored Cross-Site Scripting via conf-web/settings REST Endpoint
Jul 01, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-36996 MEDIUM
Splunk Enterprise <9.2.2, <9.1.5, <9.0.10 & Splunk Cloud <9.1.2312.109 User Enumeration via SAML
Jul 01, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-36995 MEDIUM
Splunk Enterprise <9.2.2, <9.1.5, <9.0.10 & Splunk Cloud Platform <9.1.2312.200, <9.1.2308.207 Missing Authorization
Jul 01, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-36994 MEDIUM
Splunk Enterprise <9.2.2, <9.1.5, <9.0.10 & Splunk Cloud <9.1.2312.200 - Stored XSS via View/Bulletin
Jul 01, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-36993 MEDIUM
Splunk Enterprise <9.0.10, 9.1.5, <9.2.2 & Splunk Cloud <9.1.2308.207, 9.1.2312.200 - Stored XSS via Bulletin Messages
Jul 01, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-36992 MEDIUM
Splunk Enterprise <9.2.2, <9.1.5, <9.0.10 & Splunk Cloud Platform <9.1.2312.200, <9.1.2308.207 - XSS via Dashboard URL
Jul 01, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-36991 HIGH NUCLEI
Splunk 9.0.0-9.0.9 - Path Traversal via /modules/messaging/ Endpoint
Jul 01, 2024
CVSS 7.5
EPSS 0.13
CVE-2024-36990 MEDIUM
Splunk Enterprise <9.2.2, <9.1.5, <9.0.10 & Splunk Cloud <9.2.2403.100 - Authenticated DoS via Datamodel/Web REST
Jul 01, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-36989 HIGH
Splunk Enterprise <9.2.2, <9.1.5, <9.0.10 & Splunk Cloud <9.1.2312.200 - Bulletin Message Injection
Jul 01, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-36987 MEDIUM
Splunk Enterprise < 9.2.2, < 9.1.5, < 9.0.10 & Splunk Cloud < 9.1.2312.200 - Authenticated File Upload
Jul 01, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-36986 MEDIUM
Splunk Cloud < 9.1.2308.207 - Information Disclosure
Jul 01, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-36985 HIGH
Authenticated RCE in Splunk (splunk_archiver app)
Jul 01, 2024
CVSS 8.8
EPSS 0.07
CVE-2024-36984 HIGH
Splunk 9.0.0-9.0.10 - Authenticated Remote Code Execution via Untrusted Data Deserialization
Jul 01, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-36983 HIGH
Splunk < 9.0.10 - Command Injection
Jul 01, 2024
CVSS 8.0
EPSS 0.01
CVE-2024-36982 HIGH
Splunk Cloud < 9.1.2308.207 - NULL Pointer Dereference
Jul 01, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-29946 HIGH
Splunk Enterprise <9.2.1, 9.1.4, 9.0.9 - Info Disclosure
Mar 27, 2024
CVSS 8.1
EPSS 0.01