Splunk Cloud Platform vulnerabilities
111 known vulnerabilities affecting splunk/splunk_cloud_platform.
Total CVEs
111
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH32MEDIUM73LOW5
Vulnerabilities
Page 5 of 6
CVE-2023-32710P4MEDIUMCVSS 5.3fixed in 9.0.2303.100≥ -, < 9.0.2303.1002023-06-01
CVE-2023-32710 [MEDIUM] CWE-200 CVE-2023-32710: In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run.
nvd
CVE-2024-36996P4MEDIUMCVSS 5.3≥ 9.1.2312, < 9.1.2312.1092024-07-01
CVE-2024-36996 [MEDIUM] CWE-204 CVE-2024-36996: In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions belo
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additiona
nvd
CVE-2025-20228P4MEDIUMCVSS 6.5≥ 9.1.2312, < 9.1.2312.204≥ 9.2.2403.100, < 9.2.2403.107+1 more2025-03-26
CVE-2025-20228 [MEDIUM] CWE-352 CVE-2025-20228: In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below
In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF).
nvd
CVE-2024-36992P4MEDIUMCVSS 5.4≥ 9.1.2308, < 9.1.2308.207≥ 9.1.2312, < 9.1.2312.2002024-07-01
CVE-2024-36992 [MEDIUM] CWE-79 CVE-2024-36992: In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions belo
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user. The “url”
nvd
CVE-2023-40592P4MEDIUMCVSS 6.1≤ 9.0.2305.1002023-08-30
CVE-2023-40592 [MEDIUM] CWE-79 CVE-2023-40592: In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web re
In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance.
nvd
CVE-2025-20370P4MEDIUMCVSS 4.9≥ 9.2.2406, < 9.2.2406.123≥ 9.3.2408, < 9.3.2408.118+1 more2025-10-01
CVE-2025-20370 [MEDIUM] CWE-400 CVE-2025-20370: In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versi
In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability `change_authentication`, could send multiple LDAP bind requests to a specific internal endpoint, resulting in high server CPU us
nvd
CVE-2023-22933P4MEDIUMCVSS 6.1fixed in 9.0.2209≥ -, < 9.0.22092023-02-14
CVE-2023-22933 [MEDIUM] CWE-79 CVE-2023-22933: In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scriptin
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag’.
nvd
CVE-2022-43569P4MEDIUMCVSS 5.4fixed in 9.0.22092022-11-04
CVE-2022-43569 [MEDIUM] CWE-79 CVE-2022-43569: In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and s
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model.
nvd
CVE-2022-43562P4MEDIUMCVSS 5.4fixed in 9.0.22082022-11-04
CVE-2022-43562 [MEDIUM] CWE-20 CVE-2022-43562: In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly va
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning.
nvd
CVE-2025-20385P4MEDIUMCVSS 4.8≥ 9.3.2411, < 9.3.2411.117≥ 10.0.2503, < 10.0.2503.7+1 more2025-12-03
CVE-2025-20385 [MEDIUM] CWE-79 CVE-2025-20385: In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform vers
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability `admin_all_objects` could craft a malicious payload through the href attribute of an anchor tag within a collection in the navigation bar, w
nvd
CVE-2023-32709P4MEDIUMCVSS 4.3fixed in 9.0.2303.100≥ -, < 9.0.2303.1002023-06-01
CVE-2023-32709 [MEDIUM] CWE-285 CVE-2023-32709: In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions be
In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint.
nvd
CVE-2026-20203P4MEDIUMCVSS 4.3≥ 9.3.2411, < 9.3.2411.127≥ 10.0.2503, < 10.0.2503.13+4 more2026-04-15
CVE-2026-20203 [MEDIUM] CWE-284 CVE-2026-20203: In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform ve
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles, has write permission on the app, and does not hold the high-privilege capa
nvd
CVE-2023-22932P4MEDIUMCVSS 6.1fixed in 9.0.2209.3≥ -, < 9.0.2209.32023-02-14
CVE-2023-22932 [MEDIUM] CWE-79 CVE-2023-22932: In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through
In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0.
nvd
CVE-2025-20383P4MEDIUMCVSS 4.3≥ 9.3.2411, < 9.3.2411.120≥ 10.0.2503, < 10.0.2503.8+1 more2025-12-03
CVE-2025-20383 [MEDIUM] CWE-200 CVE-2025-20383: In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gateway app in Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles and subscribes to mobile push notifications could receive notifications that disclose the title and description o
nvd
CVE-2023-22938P4MEDIUMCVSS 4.3fixed in 9.0.2209.3≥ -, < 9.0.22122023-02-14
CVE-2023-22938 [MEDIUM] CWE-285 CVE-2023-22938: In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint let
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance.
nvd
CVE-2025-20300P4MEDIUMCVSS 4.3≥ 9.2.2406, < 9.2.2406.118≥ 9.3.2408, < 9.3.2408.112+2 more2025-07-07
CVE-2025-20300 [MEDIUM] CWE-863 CVE-2025-20300: In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and 9.1.9 and Splunk Cloud Platform version
In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.112, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles, and has read-only access to a specific alert, could suppress that alert when it triggers. See [Define alert suppression
nvd
CVE-2023-22937P4MEDIUMCVSS 4.3fixed in 9.0.2209.3≥ -, < 9.0.2209.32023-02-14
CVE-2023-22937 [MEDIUM] CWE-20 CVE-2023-22937: In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl.
nvd
CVE-2023-32717P4MEDIUMCVSS 4.3fixed in 9.0.2303.100≥ -, < 9.0.2303.1002023-06-01
CVE-2023-32717 [MEDIUM] CWE-285 CVE-2023-32717: On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job.
nvd
CVE-2023-22931P4MEDIUMCVSS 4.3fixed in 8.2.2203≥ -, < 8.2.22032023-02-14
CVE-2023-22931 [MEDIUM] CWE-285 CVE-2023-22931: In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overw
In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default.
nvd
CVE-2024-53245P4MEDIUMCVSS 4.3≥ 9.1.2312, < 9.1.2312.2062024-12-10
CVE-2024-53245 [MEDIUM] CWE-200 CVE-2024-53245: In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below
In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard.
nvd