Splunk Cloud Vulnerabilities

Insufficient Access Control in Splunk Enterprise and Splunk Cloud Platform

CVE-2024-53245

SplunkSplunk Enterprise3.1LOW

Sensitive Information Disclosure in Splunk Enterprise and Cloud Platform

CVE-2024-53246

SplunkSplunk Enterprise5.3MEDIUM

Privilege Escalation in Splunk Enterprise and Cloud Platforms

CVE-2024-53244

SplunkSplunk Enterprise5.7MEDIUM

Low-Privileged User Vulnerability in Splunk Enterprise

CVE-2024-45737

SplunkSplunk Enterprise4.3MEDIUM

Low-Privileged User Vulnerability in Splunk Enterprise

CVE-2024-45732

SplunkSplunk Enterprise7.1HIGH

Splunk Enterprise Version Vulnerability Could Lead to Browser JavaScript Execution

CVE-2024-45741

SplunkSplunk Enterprise5.4MEDIUM

Splunk Enterprise Versions below 9.3.1, 9.2.3, and 9.1.6 Have a Vulnerability in Field Transformation That Can Crash the Splunk Daemon

CVE-2024-45736

SplunkSplunk Enterprise6.5MEDIUM

Low-Privileged User Could Execute Unauthorized JavaScript Code Through Scheduled Views

CVE-2024-45740

SplunkSplunk Enterprise5.4MEDIUM

Splunk Enterprise Vulnerability: Arbitrary JavaScript Code Execution in Browser Context

CVE-2024-36997

SplunkSplunk Enterprise4.6MEDIUM

Low-Privileged User Could Execute Unauthorized JavaScript Code Through Splunk Web Bulletin Messages

CVE-2024-36993

SplunkSplunk Enterprise5.4MEDIUM

Low-Privileged Users Can Create Experimental Items in Splunk Enterprise Versions Below 9.2.2, 9.1.5, and 9.0.10

CVE-2024-36995

SplunkSplunk Enterprise4.3MEDIUM

Splunk Enterprise Crash Vulnerability

CVE-2024-36982

SplunkSplunk Enterprise7.5HIGH

Low-Privileged User Could Cause Denial of Service in Splunk Enterprise

CVE-2024-36990

SplunkSplunk Enterprise6.5MEDIUM

Splunk Enterprise Vulnerable to Persistent XSS Attacks

CVE-2024-36992

SplunkSplunk Enterprise5.4MEDIUM

Authenticated User Could Run Risky Commands Using Higher-Privileged User's Permissions to Bypass SPL Safeguards in Analytics Workspace

CVE-2024-36986

SplunkSplunk Enterprise6.3MEDIUM

Authenticated User Vulnerability in Splunk Enterprise and Splunk Cloud Platform Could Allow Arbitrary Code Execution

CVE-2024-36983

SplunkSplunk Enterprise8HIGH

Splunk Enterprise Vulnerability: Brute-Force Password Guessing Attacks

CVE-2024-36996

SplunkSplunk Enterprise5.3MEDIUM

Low-Privileged User Vulnerability in Splunk Enterprise and Cloud Platform Could Lead to Execution of Unauthorized JavaScript Code

CVE-2024-36994

SplunkSplunk Enterprise5.4MEDIUM

Low-Privileged User Could Create Notifications in Splunk Web Bulletin Messages

CVE-2024-36989

SplunkSplunk Enterprise6.5MEDIUM

Arbitrary File Upload Vulnerability in Splunk Enterprise

CVE-2024-36987

SplunkSplunk Enterprise4.3MEDIUM

Splunk Enterprise Vulnerability: Risky SPL Commands in Dashboard Examples Hub

CVE-2024-29946

SplunkSplunk Enterprise📰8.1HIGH

Sensitive Information Disclosure of Index Metrics through “mrollup” SPL Command

CVE-2024-23676

SplunkSplunk Enterprise4.6MEDIUM

Server Response Disclosure in RapidDiag Salesforce.com Log File

CVE-2024-23677

SplunkSplunk Enterprise4.3MEDIUM

Splunk App Key Value Store (KV Store) Improper Handling of Permissions Leads to KV Store Collection Deletion

CVE-2024-23675

SplunkSplunk Enterprise6.5MEDIUM

Splunk Enterprise Vulnerability: Remote Code Execution via Malicious XSLT

CVE-2023-46214

SplunkSplunk Enterprise👾EPSS 17%📰8HIGH

Splunk Cloud Vulnerabilities

Vulnerability Published:

Sort By:

10 December 2024

Insufficient Access Control in Splunk Enterprise and Splunk Cloud Platform

Sensitive Information Disclosure in Splunk Enterprise and Cloud Platform

Privilege Escalation in Splunk Enterprise and Cloud Platforms

14 October 2024

Low-Privileged User Vulnerability in Splunk Enterprise

Low-Privileged User Vulnerability in Splunk Enterprise

Splunk Enterprise Version Vulnerability Could Lead to Browser JavaScript Execution

Splunk Enterprise Versions below 9.3.1, 9.2.3, and 9.1.6 Have a Vulnerability in Field Transformation That Can Crash the Splunk Daemon

Low-Privileged User Could Execute Unauthorized JavaScript Code Through Scheduled Views

1 July 2024

Splunk Enterprise Vulnerability: Arbitrary JavaScript Code Execution in Browser Context

Low-Privileged User Could Execute Unauthorized JavaScript Code Through Splunk Web Bulletin Messages

Low-Privileged Users Can Create Experimental Items in Splunk Enterprise Versions Below 9.2.2, 9.1.5, and 9.0.10

Splunk Enterprise Crash Vulnerability

Low-Privileged User Could Cause Denial of Service in Splunk Enterprise

Splunk Enterprise Vulnerable to Persistent XSS Attacks

Authenticated User Could Run Risky Commands Using Higher-Privileged User's Permissions to Bypass SPL Safeguards in Analytics Workspace

Authenticated User Vulnerability in Splunk Enterprise and Splunk Cloud Platform Could Allow Arbitrary Code Execution

Splunk Enterprise Vulnerability: Brute-Force Password Guessing Attacks

Low-Privileged User Vulnerability in Splunk Enterprise and Cloud Platform Could Lead to Execution of Unauthorized JavaScript Code

Low-Privileged User Could Create Notifications in Splunk Web Bulletin Messages

Arbitrary File Upload Vulnerability in Splunk Enterprise

27 March 2024

Splunk Enterprise Vulnerability: Risky SPL Commands in Dashboard Examples Hub

22 January 2024

Sensitive Information Disclosure of Index Metrics through “mrollup” SPL Command

Server Response Disclosure in RapidDiag Salesforce.com Log File

Splunk App Key Value Store (KV Store) Improper Handling of Permissions Leads to KV Store Collection Deletion

16 November 2023

Splunk Enterprise Vulnerability: Remote Code Execution via Malicious XSLT