Splunk Cloud Platform vulnerabilities
111 known vulnerabilities affecting splunk/splunk_cloud_platform.
Total CVEs: 111
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 32, MEDIUM 73, LOW 5
Vulnerabilities
Page 3 of 6
CVE-2026-20240 | P3 | MEDIUM | CVSS 6.5 | CWE-20 | ≥ 9.3.2411, < 9.3.2411.129; ≥ 10.0.2503, < 10.0.2503.13; +5 more | 2026-05-20
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the ‘admin’ or ‘power’ Splunk roles could cause a Denial of Service by exploiting the `coldToFrozen.sh` script i
nvd
CVE-2025-20389 | P3 | MEDIUM | CVSS 6.5 | CWE-20 | ≥ 9.3.2411, < 9.3.2411.120; ≥ 10.0.2503, < 10.0.2503.8; +1 more | 2025-12-03
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10, 3.8.58 and 3.7.28 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `label` column field after adding a new device in the Spl
nvd
CVE-2026-20165 | P3 | MEDIUM | CVSS 6.5 | CWE-532 | ≥ 9.3.2411, < 9.3.2411.124; ≥ 10.0.2503, < 10.0.2503.12; +2 more | 2026-03-11
In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve sensitive information by inspecting the job's search log due to improper access control
nvd
CVE-2023-40594 | P3 | HIGH | CVSS 7.5 | CWE-400 | ≤ 9.0.2305.100 | 2023-08-30
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance.
nvd
CVE-2024-36990 | P3 | MEDIUM | CVSS 6.5 | CWE-835 | ≥ 9.1.2308, < 9.1.2308.209; ≥ 9.1.2312.100, < 9.1.2312.109; +3 more | 2024-07-01
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST request to the datamodel/web REST endpoint in Splunk Enterprise, potentially causing a denial of service.
nvd
CVE-2022-43570 | P3 | MEDIUM | CVSS 6.5 | CWE-611 | fixed in 9.0.2209 | 2022-11-04
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error.
nvd
CVE-2024-45732 | P3 | MEDIUM | CVSS 6.5 | CWE-862 | fixed in 9.1.2308.208; ≥ 9.1.2312.100, < 9.1.2312.110; +4 more | 2024-10-14
In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a search as the "nobody" Splunk user in the SplunkDeploymentServerConfig app. This could
nvd
CVE-2026-20162 | P3 | MEDIUM | CVSS 6.3 | CWE-79 | ≥ 9.3.2411, < 9.3.2411.123; ≥ 10.0.2503, < 10.0.2503.11; +2 more | 2026-03-11
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who does not hold the "admin" or "power" Splunk roles could craft a malicious payload when creating a View (Settings - User Interface - Views) at the `/manager/
nvd
CVE-2025-20369 | P3 | MEDIUM | CVSS 6.5 | CWE-776 | ≥ 9.2.2406, < 9.2.2406.123; ≥ 9.3.2408, < 9.3.2408.118; +1 more | 2025-10-01
In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privilege user that does not hold the "admin" or "power" Splunk roles could perform an extensible markup language (XML) external entity (XXE) injection through the dashboard tab label field. The XXE
nvd
CVE-2023-32706 | P4 | MEDIUM | CVSS 6.5 | CWE-611 | fixed in 9.0.2303.100; ≥ 9.0.2303 and below, < 9.0.2303.100 | 2023-06-01
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon.
nvd
CVE-2024-45736 | P4 | MEDIUM | CVSS 6.5 | CWE-400 | ≥ 9.1.2312, < 9.1.2312.111; ≥ 9.1.2312.200, < 9.1.2312.204; +3 more | 2024-10-14
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly formatted "INGEST_EVAL" parameter as part of a [Field Transformation](https://doc
nvd
CVE-2023-22936 | P3 | MEDIUM | CVSS 6.3 | CWE-918 | fixed in 9.0.2209.3; ≥ -, < 9.0.2209.3 | 2023-02-14
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within the environment.
nvd
CVE-2026-20255 | P3 | MEDIUM | CVSS 5.7 | CWE-20 | ≥ 9.3.2411, < 9.3.2411.132; ≥ 10.1.2507, < 10.1.2507.23; +2 more | 2026-06-10
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server.
The
nvd
CVE-2026-20137 | P4 | MEDIUM | CVSS 5.7 | CWE-200 | ≥ 9.3.2408, < 9.3.2408.122; ≥ 9.3.2411, < 9.3.2411.112; +4 more | 2026-02-18
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an i
nvd
CVE-2023-32716 | P4 | MEDIUM | CVSS 6.5 | CWE-754 | fixed in 9.0.2303.100; ≥ -, < 9.0.2303.100 | 2023-06-01
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the `dump` SPL command to cause a denial of service by crashing the Splunk daemon.
nvd
CVE-2026-20139 | P4 | MEDIUM | CVSS 4.3 | CWE-400 | ≥ 9.3.2411, < 9.3.2411.121; ≥ 10.0.2503, < 10.0.2503.9; +2 more | 2026-02-18
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload into the `realname`, `tz`, or `email` parameters of the `/splunkd/
nvd
CVE-2024-53244 | P4 | MEDIUM | CVSS 5.7 | CWE-200 | ≥ 9.1.2312, < 9.1.2312.206; ≥ 9.2.2403, < 9.2.2403.109; +1 more | 2024-12-10
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the “admin” or “power” Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards fo
nvd
CVE-2025-20232 | P4 | MEDIUM | CVSS 5.7 | CWE-200 | ≥ 9.1.2308, < 9.1.2308.212; ≥ 9.1.2312.100, < 9.1.2312.208; +7 more | 2025-03-26
In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208 and 9.1.2308.212, a low-privileged user that does not hold the “admin” or “power” Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to b
nvd
CVE-2025-20226 | P4 | MEDIUM | CVSS 5.7 | CWE-200 | ≥ 9.1.2308, < 9.1.2308.214; ≥ 9.2.2406.100, < 9.2.2406.111; +3 more | 2025-03-26
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.111, and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safegu
nvd
CVE-2026-20256 | P4 | MEDIUM | CVSS 5.7 | CWE-20 | ≥ 9.3.2411, < 9.3.2411.132; ≥ 10.1.2507, < 10.1.2507.23; +2 more | 2026-06-10
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could cause data exfiltration through classic dashboards by redirecting a victim to an external site u
nvd