
Splunk Cloud Platform vulnerabilities

111 known vulnerabilities affecting splunk/splunk_cloud_platform.

Total CVEs: 111
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 32, MEDIUM 73, LOW 5

Vulnerabilities

CVE-2023-32707 | P2 | HIGH | CVSS 8.8 | PoC | fixed in 9.0.2303.100 | ≥ -, < 9.0.2303.100 | 2023-06-01
CVE-2023-32707 [HIGH] CWE-285: In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.
nvd
CVE-2022-43571 | P2 | HIGH | CVSS 8.8 | PoC | fixed in 9.0.2209 | 2022-11-03
CVE-2022-43571 [HIGH] CWE-94: In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component.
nvd
CVE-2026-20251 | P2 | HIGH | CVSS 8.8 | ≥ 9.3.2411, < 9.3.2411.132; ≥ 10.1.2507, < 10.1.2507.22; +2 more | 2026-06-10
CVE-2026-20251 [HIGH] CWE-502: In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, and Splunk Secure Gateway versions below 3.10.6, 3.9.20, and 3.8.67, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could perform a Remote Code Execution
nvd
CVE-2025-20229 | P3 | HIGH | CVSS 8.0 | ≥ 9.1.2312, < 9.1.2312.208; ≥ 9.2.2403, < 9.2.2403.114; +4 more | 2025-03-26
CVE-2025-20229 [HIGH] CWE-284: In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the "$SPLUNK_HOME/var/run/splunk/apptemp" dire
nvd
CVE-2024-36983 | P3 | HIGH | CVSS 8.8 | ≥ 9.1.2308, < 9.1.2308.207; ≥ 9.1.2312, < 9.1.2312.109 | 2024-07-01
CVE-2024-36983 [HIGH] CWE-77: In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From the
nvd
CVE-2022-43567 | P3 | HIGH | CVSS 8.8 | fixed in 9.0.2205 | 2022-11-04
CVE-2022-43567 [HIGH] CWE-502: In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.
nvd
CVE-2023-40598 | P3 | HIGH | CVSS 8.8 | fixed in 9.0.2305.200 | 2023-08-30
CVE-2023-40598 [HIGH] CWE-77: In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform instance.
nvd
CVE-2025-20371 | P3 | HIGH | CVSS 8.8 | ≥ 9.2.2406, < 9.2.2406.122; ≥ 9.3.2408, < 9.3.2408.119; +1 more | 2025-10-01
CVE-2025-20371 [HIGH] CWE-918: In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF) potentially letting an attacker perform REST API calls on behalf of an authenticated high-privileged user.
nvd
CVE-2023-40595 | P3 | HIGH | CVSS 8.8 | ≤ 9.0.2305.100 | 2023-08-30
CVE-2023-40595 [HIGH] CWE-502: In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code.
nvd
CVE-2023-32708 | P3 | HIGH | CVSS 8.8 | fixed in 9.0.2303.100 | ≥ -, < 9.0.2303.100 | 2023-06-01
CVE-2023-32708 [HIGH] CWE-113: In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the ‘rest’ SPL command that lets them potentially access other REST endpoints in the system arbitrarily.
nvd
CVE-2026-20252 | P3 | HIGH | CVSS 7.6 | ≥ 9.3.2411, < 9.3.2411.132; ≥ 10.1.2507, < 10.1.2507.22; +3 more | 2026-06-10
CVE-2026-20252 [HIGH] CWE-918: In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could send server-side requests to arbitrary internal destinations through the Dashboard S
nvd
CVE-2026-20163 | P3 | HIGH | CVSS 7.2 | ≥ 9.3.2411, < 9.3.2411.124; ≥ 10.0.2503, < 10.0.2503.12; +2 more | 2026-03-11
CVE-2026-20163 [HIGH] CWE-77: In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability `edit_cmd` could execute arbitrary shell commands using the `unarchive_cmd` parameter for the `/splunkd/__upload/in
nvd
CVE-2022-43563 | P3 | HIGH | CVSS 8.8 | fixed in 9.0.2203 | 2022-11-04
CVE-2022-43563 [HIGH] CWE-20: In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands (https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards). The vulnerability requires the attacker to phish the victim by tricking them into initiating a request w
nvd
CVE-2026-20204 | P3 | HIGH | CVSS 7.1 | ≥ 9.3.2411, < 9.3.2411.127; ≥ 10.0.2503, < 10.0.2503.13; +4 more | 2026-04-15
CVE-2026-20204 [HIGH] CWE-377: In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.5, 10.2.2510.9, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles could potentially perform a Remote Code Execution (RCE) by uploading a malicio
nvd
CVE-2022-32151 | P3 | CRITICAL | CVSS 9.1 | fixed in 8.2.2203 | 2022-06-15
CVE-2022-32151 [CRITICAL] CWE-295: The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries now verify server certificates by default and use t
nvd
CVE-2022-43565 | P3 | HIGH | CVSS 8.8 | fixed in 9.0.2203 | 2022-11-04
CVE-2022-43565 [HIGH] CWE-20: In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats’ command handles JavaScript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands (https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards). The vulnerability requires the attacker to phish the victim by tricking them into ini
nvd
CVE-2024-29946 | P3 | HIGH | CVSS 8.1 | ≥ -, < 9.1.2312.104; ≥ -, < 9.1.2308.205 | 2024-03-27
CVE-2024-29946 [HIGH] CWE-20: In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser.
nvd
CVE-2022-32155 | P3 | HIGH | CVSS 7.5 | fixed in 8.2.2106 | 2022-06-15
CVE-2022-32155 [HIGH] CWE-732: In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to loca
nvd
CVE-2023-22939 | P3 | HIGH | CVSS 8.8 | fixed in 9.0.2209.3 | ≥ -, < 9.0.2209.3 | 2023-02-14
CVE-2023-22939 [HIGH] CWE-20: In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.
nvd
CVE-2023-40597 | P3 | HIGH | CVSS 8.8 | ≤ 9.0.2305.100 | 2023-08-30
CVE-2023-40597 [HIGH] CWE-36: In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.
nvd