CVE Daily
← All tags

Tag: Splunk

All CVEs associated with "Splunk". Page 1/2 • 220 CVEs.

About “Splunk”

A curated feed of “Splunk”-related CVEs appears below. We currently track 220 CVEs for this tag (all time). In the last 365 days, 47 were published. Average CVSS is 6.2 (all time; 5.5 over 365d), and 38% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-532 - Insertion of Sensitive Information into Log File, CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE-284 - Improper Access Control.

In our taxonomy this topic maps to a MODERATE impact class. Logging and monitoring stacks may expose dashboards or collectors. Patch services, enforce auth and TLS, restrict admin endpoints, rotate tokens, and review data retention. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: splunk

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestEOLLTS
10.410.4.0
10.210.2.3
10.010.0.6
9.49.4.11
9.39.3.12 Soon
9.29.2.12 Expired
9.19.1.10 Expired
9.09.0.10 Expired
8.28.2.12 Expired
8.18.1.14 Expired
8.08.0.10 Expired
7.37.3.9 Expired
7.27.2.10.1 Expired
7.17.1.10 Expired
7.07.0.13.1 Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS  ·  RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “Splunk”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2026-05-20
Medium

CVE-2026-20240

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129,…

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2026-20239

In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_…

CVSS: 7.5 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
Medium

CVE-2026-20238

In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through `srchFilter` configurations…

CVSS: 6.5 CWE: CWE-863 - Incorrect Authorization View on NVD
2026-05-01
Medium

CVE-2026-7589

A vulnerability was determined in ghantakiran splunk-mcp-integration up to 0b86b09d5e5adf0433acd43c975951224613a1a6. Impacted is the function create_csv_export of the file services/csv-export-service…

CVSS: 5.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2026-04-15
High

CVE-2026-20205

In Splunk MCP Server app versions below 1.0.3 , a user who holds a role with access to the Splunk `_internal` index or possesses the high-privilege capability `mcp_tool_admin` could view users sessio…

CVSS: 7.2 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
High

CVE-2026-20204

In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.5, 10.2.2510.9, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a…

CVSS: 7.1 CWE: CWE-377 - Insecure Temporary File View on NVD
Medium

CVE-2026-20203

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127,…

CVSS: 4.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2026-20202

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127,…

CVSS: 6.6 CWE: CWE-176 - Improper Handling of Unicode Encoding View on NVD
2026-03-11
Medium

CVE-2026-20166

In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-privileged user that does not hold the "admin" or "p…

CVSS: 5.4 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2026-20165

In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that d…

CVSS: 6.3 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
Medium

CVE-2026-20164

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123, a low-privileged user that d…

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2026-20163

In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that…

CVSS: 7.2 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
Medium

CVE-2026-20162

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who doe…

CVSS: 6.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2026-02-18
Medium

CVE-2026-20144

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Sea…

CVSS: 6.8 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
Medium

CVE-2026-20142

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the Splunk `_internal` index coul…

CVSS: 6.8 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
Medium

CVE-2026-20141

In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the "admin" Splunk role could access the Splunk Monitoring Console App endpoints due to a…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2026-20139

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121, a low-privileged user t…

CVSS: 4.3 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2026-20138

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the Splunk `_internal` index coul…

CVSS: 6.8 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
Low

CVE-2026-20137

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user w…

CVSS: 3.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2025-12-03
Medium

CVE-2025-20389

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10, 3.8.58 and 3.7.28 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user tha…

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
Low

CVE-2025-20388

In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116, a user who holds a role that contains the hi…

CVSS: 2.7 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
High

CVE-2025-20387

In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in…

CVSS: 8.0 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2025-20386

In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Splu…

CVSS: 8.0 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Low

CVE-2025-20385

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privileg…

CVSS: 2.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-20384

In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125, an unauthenticated attacker can inject A…

CVSS: 5.3 CWE: CWE-117 - Improper Output Neutralization for Logs View on NVD
Medium

CVE-2025-20383

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gateway app in Splunk Cloud Platform, a low-privileged user that does not h…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Low

CVE-2025-20382

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.10, 10.0.2503.8, and 9.3.2411.120, a low-privileged user that does not hold th…

CVSS: 3.5 CWE: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') View on NVD
Medium

CVE-2025-20381

In Splunk MCP Server app versions below 0.2.4, a user with access to the "run_splunk_query" Model Context Protocol (MCP) tool could bypass the SPL command allowlist controls in MCP by embedding SPL c…

CVSS: 5.4 CWE: CWE-863 - Incorrect Authorization View on NVD
2025-11-26
Low

CVE-2025-20373

In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets in plain text in the _internal index during the addition of new “Data Security Accounts“. The vulnerabi…

CVSS: 2.7 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
2025-11-24
Medium

CVE-2025-12978

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins contain a flaw in the tag_key validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a ta…

CVSS: 5.4 CWE: N/A View on NVD
Critical

CVE-2025-12977

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can sup…

CVSS: 9.1 CWE: CWE-1287 - Improper Validation of Specified Type of Input View on NVD
2025-11-12
Low

CVE-2025-20379

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does n…

CVSS: 3.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Low

CVE-2025-20378

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform versions below 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121, an unauthenticated attacker could craft a malici…

CVSS: 3.1 CWE: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') View on NVD
2025-10-01
High

CVE-2025-20371

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a b…

CVSS: 7.5 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
Medium

CVE-2025-20370

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the hi…

CVSS: 4.9 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-20369

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privilege user that does not hold the "admin"…

CVSS: 4.6 CWE: CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') View on NVD
Medium

CVE-2025-20368

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privileged user that does not hold the admin o…

CVSS: 5.7 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-20367

In Splunk Enterprise versions below 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, a low-privileged user that does not hold the 'admin'…

CVSS: 5.7 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-20366

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.111, 9.3.2408.119, and 9.2.2406.122, a low-privileged user that does not hold the admin…

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
2025-07-07
Low

CVE-2025-20325

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119, the software potentially exposes the search…

CVSS: 3.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2025-20324

In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.7, and 9.1.10 and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, a low-privileged user that does not hold the…

CVSS: 5.4 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-20323

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the scheduled search `Bucket Copy Trig…

CVSS: 4.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-20322

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, an unauthenticated attacker could send a sp…

CVSS: 4.3 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2025-20321

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.114, and 9.2.2406.119, an unauthenticated attacker can send a speci…

CVSS: 6.5 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2025-20320

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the…

CVSS: 6.3 CWE: CWE-35 - Path Traversal: '.../...//' View on NVD
Medium

CVE-2025-20319

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege capability `edit_scripted` and `list_inputs` capability , could perform a…

CVSS: 6.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
Medium

CVE-2025-20300

In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.112, and 9.2.2406.119, a low-privileged user that does not hold the…

CVSS: 4.3 CWE: CWE-863 - Incorrect Authorization View on NVD
2025-06-02
Medium

CVE-2025-20297

In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin"…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-03-26
Medium

CVE-2025-20230

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not…

CVSS: 4.3 CWE: CWE-284 - Improper Access Control View on NVD
Low

CVE-2025-20233

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the `chmod` and `makedirs` Python functions in a way that resulted in overly broad read and execute permission…

CVSS: 2.5 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Medium

CVE-2025-20232

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208 and 9.1.2308.212, a low-privileged user tha…

CVSS: 5.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2025-20231

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not…

CVSS: 7.1 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
High

CVE-2025-20229

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not…

CVSS: 8.0 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-20228

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Sp…

CVSS: 6.5 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2025-20227

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged…

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2025-20226

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.111, and 9.1.2308.214, a low-privileged user that does not hold the…

CVSS: 5.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2025-01-30
Medium

CVE-2025-0367

In versions 3.1.0 and lower of the Splunk Supporting Add-on for Active Directory, also known as SA-ldapsearch, a vulnerable regular expression pattern could lead to a Regular Expression Denial of Ser…

CVSS: 6.5 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD
2025-01-07
Medium

CVE-2025-22621

In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the `admin_all_objects` capability to the `splunk_app_soar` role. This addition could…

CVSS: 6.4 CWE: CWE-269 - Improper Privilege Management View on NVD
2024-12-10
High

CVE-2024-53247

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.4.261 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold…

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
Medium

CVE-2024-53246

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclos…

CVSS: 5.3 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
Low

CVE-2024-53245

In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that h…

CVSS: 3.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2024-53244

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the “admin“…

CVSS: 5.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2024-53243

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does no…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2024-10-14
Medium

CVE-2024-45741

In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk role…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-45740

In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malic…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-45739

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you con…

CVSS: 4.9 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2024-45738

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splun…

CVSS: 4.9 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2024-45737

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Sp…

CVSS: 4.3 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2024-45736

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin"…

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2024-45735

In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold th…

CVSS: 4.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2024-45734

In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by usi…

CVSS: 4.3 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2024-45733

In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an ins…

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2024-45732

In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user th…

CVSS: 7.1 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2024-45731

In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root dir…

CVSS: 8.0 CWE: CWE-23 - Relative Path Traversal View on NVD
2024-07-01
High

CVE-2024-36997

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context…

CVSS: 8.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-36996

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by d…

CVSS: 5.3 CWE: CWE-204 - Observable Response Discrepancy View on NVD
Medium

CVE-2024-36995

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk…

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2024-36994

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-36993

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-36992

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2024-36991

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerabi…

CVSS: 7.5 CWE: CWE-35 - Path Traversal: '.../...//' View on NVD
Medium

CVE-2024-36990

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk…

CVSS: 6.5 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
High

CVE-2024-36989

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could crea…

CVSS: 7.1 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2024-36987

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk r…

CVSS: 4.3 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
Medium

CVE-2024-36986

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissio…

CVSS: 6.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2024-36985

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, a low-privileged user that does not hold the admin or power Splunk roles could cause a Remote Code Execution through an external lookup t…

CVSS: 8.8 CWE: CWE-687 - Function Call With Incorrectly Specified Argument Value View on NVD
High

CVE-2024-36984

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially crafted query that they could then use to serialize untrusted data. The attack…

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2024-36983

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a…

CVSS: 8.0 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2024-36982

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an attacker could trigger a null pointer reference on the cluster/…

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2024-05-27
Medium

CVE-2024-35291

Cross-site scripting vulnerability exists in Splunk Config Explorer versions prior to 1.7.16. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user wh…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2024-03-27
High

CVE-2024-29946

In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in…

CVSS: 8.1 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-29945

In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure happens when either Splunk Enter…

CVSS: 7.2 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
2024-01-30
Medium

CVE-2023-46231

In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or…

CVSS: 6.8 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
High

CVE-2023-46230

In Splunk Add-on Builder versions below 4.1.4, the app writes sensitive information to internal log files.

CVSS: 8.2 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
2024-01-22
High

CVE-2024-23678

In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a sep…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2024-23677

In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file.

CVSS: 4.3 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
Medium

CVE-2024-23676

In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user inte…

CVSS: 4.6 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2024-23675

In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can…

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
2024-01-09
Medium

CVE-2024-22165

In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generatio…

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2024-22164

In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not prop…

CVSS: 4.3 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2023-11-16
High

CVE-2023-46214

In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker ca…

CVSS: 8.0 CWE: CWE-91 - XML Injection (aka Blind XPath Injection) View on NVD
Medium

CVE-2023-46213

In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser.

CVSS: 4.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2023-08-30
High

CVE-2023-4571

In Splunk IT Service Intelligence (ITSI) versions below below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log fi…

CVSS: 8.6 CWE: CWE-117 - Improper Output Neutralization for Logs View on NVD
High

CVE-2023-40598

In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert co…

CVSS: 8.5 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2023-40597

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.

CVSS: 7.8 CWE: CWE-36 - Absolute Path Traversal View on NVD
High

CVE-2023-40596

In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An…

CVSS: 7.0 CWE: CWE-665 - Improper Initialization View on NVD
High

CVE-2023-40595

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query…

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
Medium

CVE-2023-40594

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance.

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2023-40593

In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a…

CVSS: 6.3 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2023-40592

In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoi…

CVSS: 8.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2023-07-31
High

CVE-2023-3997

Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user’s terminal. A third party can send Splunk SOAR a maliciously crafted web request c…

CVSS: 8.6 CWE: CWE-117 - Improper Output Neutralization for Logs View on NVD
2023-06-01
Medium

CVE-2023-32717

On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoi…

CVSS: 4.3 CWE: CWE-285 - Improper Authorization View on NVD
Medium

CVE-2023-32716

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the {{dump}} SPL command to cause a de…

CVSS: 6.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
Medium

CVE-2023-32715

In the Splunk App for Lookup File Editing versions below 4.0.1, a user can insert potentially malicious JavaScript code into the app, which causes that code to run on the user’s machine. The app itse…

CVSS: 4.7 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2023-32714

In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and wri…

CVSS: 8.1 CWE: CWE-35 - Path Traversal: '.../...//' View on NVD
High

CVE-2023-32713

In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine th…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2023-32712

In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards Institute (ANSI) escape codes into Splunk log files that, when a vulnerable term…

CVSS: 8.6 CWE: CWE-117 - Improper Output Neutralization for Logs View on NVD
Medium

CVE-2023-32711

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a st…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2023-32710

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a sear…

CVSS: 4.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2023-32709

In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the…

CVSS: 4.3 CWE: CWE-285 - Improper Authorization View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox