Splunk Cloud Platform vulnerabilities
101 known vulnerabilities affecting splunk/splunk_cloud_platform.
Total CVEs
101
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH30MEDIUM65LOW5
Vulnerabilities
Page 5 of 6
CVE-2023-22931MEDIUMCVSS 4.3fixed in 8.2.2203≥ -, < 8.2.22032023-02-14
CVE-2023-22931 [MEDIUM] CWE-285 CVE-2023-22931: In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overw
In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default.
cvelistv5nvd
CVE-2023-22932MEDIUMCVSS 6.1fixed in 9.0.2209.3≥ -, < 9.0.2209.32023-02-14
CVE-2023-22932 [MEDIUM] CWE-79 CVE-2023-22932: In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through
In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0.
cvelistv5nvd
CVE-2023-22937MEDIUMCVSS 4.3fixed in 9.0.2209.3≥ -, < 9.0.2209.32023-02-14
CVE-2023-22937 [MEDIUM] CWE-20 CVE-2023-22937: In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl.
cvelistv5nvd
CVE-2022-43567HIGHCVSS 8.8fixed in 9.0.22052022-11-04
CVE-2022-43567 [HIGH] CWE-502 CVE-2022-43567: In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrar
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.
nvd
CVE-2022-43563HIGHCVSS 8.8fixed in 9.0.22032022-11-04
CVE-2022-43563 [HIGH] CWE-20 CVE-2022-43563: In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles fi
In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request w
nvd
CVE-2022-43566HIGHCVSS 8.0fixed in 9.0.22082022-11-04
CVE-2022-43566 [HIGH] CWE-20 CVE-2022-43566: In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky co
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards in the Analytics Workspace. The vulnerability requires the attacker to phish the
nvd
CVE-2022-43565HIGHCVSS 8.8fixed in 9.0.22032022-11-04
CVE-2022-43565 [HIGH] CWE-20 CVE-2022-43565: In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javas
In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into ini
nvd
CVE-2022-43569MEDIUMCVSS 5.4fixed in 9.0.22092022-11-04
CVE-2022-43569 [MEDIUM] CWE-79 CVE-2022-43569: In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and s
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model.
nvd
CVE-2022-43572MEDIUMCVSS 6.5fixed in 9.0.22092022-11-04
CVE-2022-43572 [MEDIUM] CWE-400 CVE-2022-43572: In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the S
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing.
nvd
CVE-2022-43570MEDIUMCVSS 6.5fixed in 9.0.22092022-11-04
CVE-2022-43570 [MEDIUM] CWE-611 CVE-2022-43570: In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an e
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error.
nvd
CVE-2022-43568MEDIUMCVSS 6.1fixed in 9.0.22052022-11-04
CVE-2022-43568 [MEDIUM] CWE-79 CVE-2022-43568: In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View allows for a Reflected Cross Si
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View allows for a Reflected Cross Site Scripting via JavaScript Object Notation (JSON) in a query parameter when output_mode=radio.
nvd
CVE-2022-43564MEDIUMCVSS 6.5fixed in 9.0.22052022-11-04
CVE-2022-43564 [MEDIUM] CWE-400 CVE-2022-43564: In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search ma
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted search macros.
nvd
CVE-2022-43562MEDIUMCVSS 5.4fixed in 9.0.22082022-11-04
CVE-2022-43562 [MEDIUM] CWE-20 CVE-2022-43562: In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly va
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning.
nvd
CVE-2022-43571HIGHCVSS 8.8fixed in 9.0.22092022-11-03
CVE-2022-43571 [HIGH] CWE-94 CVE-2022-43571: In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbi
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component.
nvd
CVE-2022-43561MEDIUMCVSS 4.8fixed in 9.0.22082022-11-03
CVE-2022-43561 [MEDIUM] CWE-79 CVE-2022-43561: In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” S
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). The vulnerability affects instances with Splunk Web enabled.
nvd
CVE-2022-37438LOWCVSS 3.5≤ 8.2.2203.4≥ unspecified, < 9.0.22052022-08-16
CVE-2022-37438 [LOW] CWE-200 CVE-2022-37438: In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard th
In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web.
cvelistv5nvd
CVE-2022-32151CRITICALCVSS 9.1fixed in 8.2.22032022-06-15
CVE-2022-32151 [CRITICAL] CWE-295 CVE-2022-32151: The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate
The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries now verify server certificates by default and use t
nvd
CVE-2022-32152HIGHCVSS 7.2fixed in 8.2.2203≥ 8.2, < 8.2.22032022-06-15
CVE-2022-32152 [HIGH] CWE-295 CVE-2022-32152: Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions
Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could
cvelistv5nvd
CVE-2022-32155HIGHCVSS 7.5fixed in 8.2.21062022-06-15
CVE-2022-32155 [HIGH] CWE-732 CVE-2022-32155: In universal forwarder versions before 9.0, management services are available remotely by default. W
In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to loca
nvd
CVE-2022-32153HIGHCVSS 8.1fixed in 8.2.22032022-06-15
CVE-2022-32153 [HIGH] CWE-297 CVE-2022-32153: Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions
Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could
nvd