Splunk Cloud Platform vulnerabilities
111 known vulnerabilities affecting splunk/splunk_cloud_platform.
Total CVEs: 111
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 32, MEDIUM 73, LOW 5
Vulnerabilities
Page 2 of 6
CVE-2022-32153 | P3 | HIGH | CVSS 8.1 | CWE-297 | fixed in 8.2.2203 | 2022-06-15
Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could
nvd
CVE-2023-22935 | P3 | HIGH | CVSS 8.8 | CWE-20 | fixed in 9.0.2209.3 | ≥ -, < 9.0.2209.3 | 2023-02-14
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.
nvd
CVE-2022-43568 | P3 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 9.0.2205 | 2022-11-04
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View allows for a Reflected Cross Site Scripting via JavaScript Object Notation (JSON) in a query parameter when output_mode=radio.
nvd
CVE-2023-22934 | P3 | HIGH | CVSS 8.0 | CWE-20 | fixed in 9.0.2209.3 | ≥ -, < 9.0.2209.3 | 2023-02-14
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user to initiate a request within their browser.
nvd
CVE-2022-43566 | P3 | HIGH | CVSS 8.0 | CWE-20 | fixed in 9.0.2208 | 2022-11-04
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards in the Analytics Workspace. The vulnerability requires the attacker to phish the
nvd
CVE-2026-20164 | P3 | MEDIUM | CVSS 6.5 | CWE-200 | ≥ 9.3.2411, < 9.3.2411.123; ≥ 10.0.2503, < 10.0.2503.11; +2 more | 2026-03-11
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123, a low-privileged user that does not hold the "admin" or "power" Splunk roles could access the `/splunkd/__raw/servicesNS/-/-/configs/conf-passwords` REST API endpoint, which expose
nvd
CVE-2022-32154 | P3 | HIGH | CVSS 8.1 | CWE-20 | fixed in 8.2.2106 | 2022-06-15
Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Document
nvd
CVE-2022-32152 | P3 | HIGH | CVSS 7.2 | CWE-295 | fixed in 8.2.2203 | ≥ 8.2, < 8.2.2203 | 2022-06-15
Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could
nvd
CVE-2024-53246 | P3 | HIGH | CVSS 7.5 | CWE-319 | ≥ 9.1.2312, < 9.1.2312.206; ≥ 9.2.2403, < 9.2.2403.111; +2 more | 2024-12-10
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, such as a Risky Commands Bypass, for successful exploitatio
nvd
CVE-2025-20320 | P3 | HIGH | CVSS 7.3 | CWE-35 | ≥ 9.2.2406, < 9.2.2406.121; ≥ 9.3.2408, < 9.3.2408.117; +1 more | 2025-07-07
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `User Interface - Views` configuration page that could potentially lead to a d
nvd
CVE-2023-22941 | P3 | HIGH | CVSS 7.5 | CWE-248 | fixed in 9.0.2209.3 | ≥ -, < 9.0.2212 | 2023-02-14
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd).
nvd
CVE-2026-20202 | P3 | MEDIUM | CVSS 6.6 | CWE-176 | ≥ 9.3.2411, < 9.3.2411.127; ≥ 10.0.2503, < 10.0.2503.13; +4 more | 2026-04-15
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, a user who holds a role that contains the high-privilege capability `edit_user` could create a specially crafted username that includes a null byte or a
nvd
CVE-2026-20239 | P3 | MEDIUM | CVSS 6.5 | CWE-532 | ≥ 10.0.2503, < 10.0.2503.13; ≥ 10.1.2507, < 10.1.2507.21; +2 more | 2026-05-20
In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_internal` index could view session cookies and response bodies that contain sensitive data.
nvd
CVE-2024-36987 | P3 | MEDIUM | CVSS 6.5 | CWE-434 | ≥ 9.1.2312, < 9.1.2312.200 | 2024-07-01
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk roles could upload a file with an arbitrary extension using the indexing/preview REST endpoint.
nvd
CVE-2025-20297 | P3 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ 9.2.2406, < 9.2.2406.118; ≥ 9.3.2408, < 9.3.2408.111; +1 more | 2025-06-02
In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint that could result in execution of unauthorized JavaScript
nvd
CVE-2024-45741 | P3 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ 9.1.2312, < 9.1.2312.205; ≥ 9.2.2403.100, < 9.2.2403.108; +1 more | 2024-10-14
In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" parameter from the "/manager/search/apps/local" endpoint in Spl
nvd
CVE-2024-36982 | P3 | HIGH | CVSS 7.5 | CWE-476 | ≥ 9.1.2312, < 9.1.2312.109; ≥ 9.1.2308, < 9.1.2308.207 | 2024-07-01
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an attacker could trigger a null pointer reference on the cluster/config REST endpoint, which could result in a crash of the Splunk daemon.
nvd
CVE-2023-40593 | P3 | HIGH | CVSS 7.5 | CWE-400 | ≤ 9.0.2305.100 | 2023-08-30
In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon.
nvd
CVE-2025-20366 | P3 | MEDIUM | CVSS 6.5 | CWE-284 | ≥ 9.2.2406, < 9.2.2406.122; ≥ 9.3.2408, < 9.3.2408.119; +1 more | 2025-10-01
In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.111, 9.3.2408.119, and 9.2.2406.122, a low-privileged user that does not hold the admin or power Splunk roles could access sensitive search results if Splunk Enterprise runs an administrative search job in the background. If the low privile
nvd
CVE-2024-36997 | P3 | HIGH | CVSS 8.1 | CWE-79 | ≥ 9.1.2312, < 9.1.2312.100 | 2024-07-01
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit.
nvd