Splunk Cloud Platform vulnerabilities
111 known vulnerabilities affecting splunk/splunk_cloud_platform.
Total CVEs
111
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH32MEDIUM73LOW5
Vulnerabilities
Page 6 of 6
CVE-2024-45735P4MEDIUMCVSS 4.3fixed in 3.4.259≥ 3.6.0, < 3.6.172024-10-14
CVE-2024-45735 [MEDIUM] CWE-284 CVE-2024-45735: In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cl
In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway A
nvd
CVE-2024-36989P4MEDIUMCVSS 4.3≥ 9.1.2312, < 9.1.2312.2002024-07-01
CVE-2024-36989 [MEDIUM] CWE-284 CVE-2024-36989: In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions belo
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance receive.
nvd
CVE-2022-43561P4MEDIUMCVSS 4.8fixed in 9.0.22082022-11-03
CVE-2022-43561 [MEDIUM] CWE-79 CVE-2022-43561: In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” S
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). The vulnerability affects instances with Splunk Web enabled.
nvd
CVE-2025-20227P4MEDIUMCVSS 4.3≥ 9.1.2308, < 9.1.2308.214≥ 9.1.2312, < 9.1.2312.208+5 more2025-03-26
CVE-2025-20227 [MEDIUM] CWE-20 CVE-2025-20227: In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versio
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could bypass the external content warning modal dialog box in Dashboard Studio dashboards whi
nvd
CVE-2025-20321P4MEDIUMCVSS 4.3≥ 9.2.2406, < 9.2.2406.119≥ 9.3.2408, < 9.3.2408.114+1 more2025-07-07
CVE-2025-20321 [MEDIUM] CWE-352 CVE-2025-20321: In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versio
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.114, and 9.2.2406.119, an unauthenticated attacker can send a specially-crafted SPL search that could change the membership state in a Splunk Search Head Cluster (SHC) through a Cross-Site Request Forgery (CSRF), potent
nvd
CVE-2025-20322P4MEDIUMCVSS 4.3≥ 9.2.2406, < 9.2.2406.119≥ 9.3.2408, < 9.3.2408.113+1 more2025-07-07
CVE-2025-20322 [MEDIUM] CWE-352 CVE-2025-20322: In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versi
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, an unauthenticated attacker could send a specially-crafted SPL search command that could trigger a rolling restart in the Search Head Cluster through a Cross-Site Request Forgery (CSRF), potentia
nvd
CVE-2025-20379P4LOWCVSS 3.5≥ 9.3.2408, < 9.3.2408.124≥ 9.3.2411, < 9.3.2411.116+2 more2025-11-12
CVE-2025-20379 [LOW] CWE-200 CVE-2025-20379: In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versio
In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the S
nvd
CVE-2024-36995P4LOWCVSS 3.5≥ 9.1.2308, < 9.1.2308.207≥ 9.1.2312, < 9.1.2312.2002024-07-01
CVE-2024-36995 [LOW] CWE-862 CVE-2024-36995: In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions belo
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items.
nvd
CVE-2022-37438P4LOWCVSS 3.5≤ 8.2.2203.4≥ unspecified, < 9.0.22052022-08-16
CVE-2022-37438 [LOW] CWE-200 CVE-2022-37438: In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard th
In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web.
nvd
CVE-2024-45737P4LOWCVSS 3.5≥ 9.1.2312, < 9.1.2312.204≥ 9.2.2403.102, < 9.2.2403.108+1 more2024-10-14
CVE-2024-45737 [LOW] CWE-352 CVE-2024-45737: In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF).
nvd
CVE-2025-20388P4LOWCVSS 2.7≥ 9.3.2411, < 9.3.2411.116≥ 10.0.2503, < 10.0.2503.6+1 more2025-12-03
CVE-2025-20388 [LOW] CWE-918 CVE-2025-20388: In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform vers
In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116, a user who holds a role that contains the high privilege capability `change_authentication` could enumerate internal IP addresses and network ports when adding new search peers to a Splunk search hea
nvd
← Previous6 / 6