cbcvebase.

Splunk Cloud Platform vulnerabilities

111 known vulnerabilities affecting splunk/splunk_cloud_platform.

Total CVEs
111
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH32MEDIUM73LOW5

Vulnerabilities

Page 4 of 6
CVE-2026-20254P3MEDIUMCVSS 5.7≥ 9.3.2411, < 9.3.2411.132≥ 10.1.2507, < 10.1.2507.23+2 more2026-06-10
CVE-2026-20254 [MEDIUM] CWE-20 CVE-2026-20254: In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform ve In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server when a
nvd
CVE-2026-20257P4MEDIUMCVSS 5.7≥ 9.3.2411, < 9.3.2411.132≥ 10.1.2507, < 10.1.2507.23+2 more2026-06-10
CVE-2026-20257 [MEDIUM] CWE-20 CVE-2026-20257: In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform ve In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a classic dashboard that exfiltrates sensitive data from the browser of a higher-privilege
nvd
CVE-2026-20259P4MEDIUMCVSS 5.5≥ 9.3.2411, < 9.3.2411.131≥ 10.0.2503, < 10.0.2503.14+3 more2026-06-10
CVE-2026-20259 [MEDIUM] CWE-284 CVE-2026-20259: In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4 In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability `edit_saved_search_owner` could reassign saved search ownership to users outside their author
nvd
CVE-2025-20384P4MEDIUMCVSS 5.3≥ 9.3.2411, < 9.3.2411.117≥ 10.0.2503, < 10.0.2503.6+1 more2025-12-03
CVE-2025-20384 [MEDIUM] CWE-117 CVE-2025-20384: In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform vers In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125, an unauthenticated attacker can inject American National Standards Institute (ANSI) escape codes into Splunk log files due to improper validation at the /en-US/static/ web endpoint. This may a
nvd
CVE-2022-43572P4MEDIUMCVSS 6.5fixed in 9.0.22092022-11-04
CVE-2022-43572 [MEDIUM] CWE-400 CVE-2022-43572: In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the S In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing.
nvd
CVE-2024-36986P4MEDIUMCVSS 5.7≥ 9.1.2312, < 9.1.2312.200≥ 9.1.2308, < 9.1.2308.2072024-07-01
CVE-2024-36986 [MEDIUM] CWE-200 CVE-2024-36986: In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions belo In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics Workspace. The vulnerability requires the authenticated user
nvd
CVE-2026-20166P4MEDIUMCVSS 5.4≥ 10.0.2503, < 10.0.2503.12≥ 10.1.2507, < 10.1.2507.16+1 more2026-03-11
CVE-2026-20166 [MEDIUM] CWE-200 CVE-2026-20166: In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2 In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve the Observability Cloud API access token through the Discover Splunk Observability Cloud app due to improper access co
nvd
CVE-2025-20378P4MEDIUMCVSS 6.1≥ 9.3.2408, < 9.3.2408.121≥ 9.3.2411, < 9.3.2411.111+1 more2025-11-12
CVE-2025-20378 [MEDIUM] CWE-601 CVE-2025-20378: In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform versions In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform versions below 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121, an unauthenticated attacker could craft a malicious URL using the `return_to` parameter of the Splunk Web login endpoint. When an authenticated user visits the malicious URL, it could cause an unvalida
nvd
CVE-2025-20324P4MEDIUMCVSS 5.4≥ 9.2.2406, < 9.2.2406.119≥ 9.3.2408, < 9.3.2408.113+1 more2025-07-07
CVE-2025-20324 [MEDIUM] CWE-284 CVE-2025-20324: In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.7, and 9.1.10 and Splunk Cloud Platform versio In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.7, and 9.1.10 and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create or overwrite [system source type](https://help.splunk.com/en/splunk-enterprise/get-started/get-data-in/9.2
nvd
CVE-2025-20325P4MEDIUMCVSS 5.3≥ 9.2.2406, < 9.2.2406.119≥ 9.3.2408, < 9.3.2408.113+1 more2025-07-07
CVE-2025-20325 [MEDIUM] CWE-200 CVE-2025-20325: In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versi In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119, the software potentially exposes the search head cluster [splunk.secret](https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/9.4/install-splunk-enterprise-securely/d
nvd
CVE-2022-43564P4MEDIUMCVSS 6.5fixed in 9.0.22052022-11-04
CVE-2022-43564 [MEDIUM] CWE-400 CVE-2022-43564: In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search ma In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted search macros.
nvd
CVE-2023-22940P4MEDIUMCVSS 5.7fixed in 9.0.2209.3≥ -, < 9.0.22122023-02-14
CVE-2023-22940 [MEDIUM] CWE-20 CVE-2023-22940: In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search proce In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivilege
nvd
CVE-2025-20368P4MEDIUMCVSS 5.4≥ 9.2.2406, < 9.2.2406.123≥ 9.3.2408, < 9.3.2408.118+1 more2025-10-01
CVE-2025-20368 [MEDIUM] CWE-79 CVE-2025-20368: In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions belo In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through the error messages and job inspection details of a saved search. This could result in execut
nvd
CVE-2025-20367P4MEDIUMCVSS 5.4≥ 9.2.2406, < 9.2.2406.122≥ 9.3.2408, < 9.3.2408.119+1 more2025-10-01
CVE-2025-20367 [MEDIUM] CWE-79 CVE-2025-20367: In Splunk Enterprise versions below 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below In Splunk Enterprise versions below 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious payload through the `dataset.command` parameter of the `/app/search/table` endpoint, which could result i
nvd
CVE-2026-20144P4MEDIUMCVSS 4.9≥ 9.3.2411, < 9.3.2411.120≥ 10.0.2503, < 10.0.2503.9+1 more2026-02-18
CVE-2026-20144 [MEDIUM] CWE-532 CVE-2026-20144: In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platf In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the the Splunk _internal index could view the Security Assertion Markup Language (SAML
nvd
CVE-2025-20382P4MEDIUMCVSS 5.4≥ 9.3.2411, < 9.3.2411.120≥ 10.0.2503, < 10.0.2503.8+1 more2025-12-03
CVE-2025-20382 [MEDIUM] CWE-601 CVE-2025-20382: In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform vers In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.10, 10.0.2503.8, and 9.3.2411.120, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a views dashboard with a custom background using the `data:image/png;base64` protocol that could potentia
nvd
CVE-2026-20258P4MEDIUMCVSS 5.4≥ 9.3.2411, < 9.3.2411.132≥ 10.1.2507, < 10.1.2507.23+2 more2026-06-10
CVE-2026-20258 [MEDIUM] CWE-79 CVE-2026-20258: In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform ve In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could store a malicious script in a classic dashboard HTML panel, causing unauthorized JavaScript code
nvd
CVE-2024-36993P4MEDIUMCVSS 5.4≥ 9.1.2308, < 9.1.2308.207≥ 9.1.2312, < 9.1.2312.2002024-07-01
CVE-2024-36993 [MEDIUM] CWE-79 CVE-2024-36993: In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions belo In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the brows
nvd
CVE-2024-45740P4MEDIUMCVSS 5.4fixed in 9.2.2403.100≥ 9.2.2403, < 9.2.2403.1002024-10-14
CVE-2024-45740 [MEDIUM] CWE-79 CVE-2024-45740: In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.240 In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript code in the browser of a user.
nvd
CVE-2024-36994P4MEDIUMCVSS 5.4≥ 9.1.2308, ≤ 9.1.2308.207≥ 9.1.2312, < 9.1.2312.200+1 more2024-07-01
CVE-2024-36994 [MEDIUM] CWE-79 CVE-2024-36994: In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions belo In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View and Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in
nvd
Splunk Cloud Platform vulnerabilities | cvebase