cvebase

Splunk Enterprise vulnerabilities

149 known vulnerabilities affecting splunk/splunk_enterprise.

Total CVEs: 149
CISA KEV: 1 (actively exploited)
Public exploits: 6
Exploited in wild: 2
Severity breakdown: CRITICAL 2, HIGH 45, MEDIUM 95, LOW 7

Vulnerabilities

Page 2 of 8
CVE-2022-43563 | P3 | HIGH | CVSS 8.8 | CWE-20 | ≥ 8.1, < 8.1.12; ≥ 8.2, < 8.2.9 | 2022-11-04
In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands (https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards). The vulnerability requires the attacker to phish the victim by tricking them into initiating a request w
nvd
CVE-2026-20204 | P3 | HIGH | CVSS 7.1 | CWE-377 | ≥ 10.2, < 10.2.1; ≥ 10.0, < 10.0.5; +2 more | 2026-04-15
In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.5, 10.2.2510.9, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles could potentially perform a Remote Code Execution (RCE) by uploading a malicio
nvd
CVE-2022-43565 | P3 | HIGH | CVSS 8.8 | CWE-20 | ≥ 8.1, < 8.1.12; ≥ 8.2, < 8.2.9 | 2022-11-04
In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats’ command handles JavaScript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands (https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards). The vulnerability requires the attacker to phish the victim by tricking them into ini
nvd
CVE-2024-29946 | P3 | HIGH | CVSS 8.1 | CWE-20 | ≥ 9.2, < 9.2.1; ≥ 9.1, < 9.1.4; +1 more | 2024-03-27
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser.
nvd
CVE-2021-31559 | P3 | HIGH | CVSS 7.5 | CWE-288 | 8.2 version(s) before 8.2.1; Version(s) before 8.1.5 | 2022-05-06
A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders.
nvd
CVE-2023-22939 | P3 | HIGH | CVSS 8.8 | CWE-20 | ≥ 8.1, < 8.1.13; ≥ 8.2, < 8.2.10; +1 more | 2023-02-14
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.
nvd
CVE-2022-26889 | P3 | HIGH | CVSS 8.8 | CWE-20 | Version(s) before 8.1.2 | 2022-05-06
In Splunk Enterprise versions before 8.1.2, the URI path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based. An attacker cannot exploit the attac
nvd
CVE-2024-23678 | P3 | HIGH | CVSS 8.8 | CWE-20 | ≥ 9.0, < 9.0.8; ≥ 9.1, < 9.1.3 | 2024-01-22
In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability only affects Splunk Enterprise for Windows.
nvd
CVE-2023-40597 | P3 | HIGH | CVSS 8.8 | CWE-36 | ≥ 8.2, < 8.2.12; ≥ 9.0, < 9.0.6; +1 more | 2023-08-30
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.
nvd
CVE-2021-26253 | P3 | HIGH | CVSS 8.1 | CWE-287 | Version(s) before 8.1.6 | 2022-05-06
A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or affect a DUO product or service.
nvd
CVE-2023-22935 | P3 | HIGH | CVSS 8.8 | CWE-20 | ≥ 8.1, < 8.1.13; ≥ 8.2, < 8.2.10; +1 more | 2023-02-14
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.
nvd
CVE-2022-43568 | P3 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 8.1, < 8.1.12; ≥ 8.2, < 8.2.9; +1 more | 2022-11-04
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View allows for a Reflected Cross Site Scripting via JavaScript Object Notation (JSON) in a query parameter when output_mode=radio.
nvd
CVE-2022-32156 | P3 | HIGH | CVSS 8.1 | CWE-295 | fixed in 9.0.0 | 2022-06-15
In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. After updating to version 9.0, see Configure TLS host name validation for the Splunk CLI https://docs.splunk.com/Documentation/Splunk/9.0.0/Security
nvd
CVE-2023-40596 | P3 | HIGH | CVSS 8.8 | CWE-665 | ≥ 8.2, < 8.2.12; ≥ 9.0, < 9.0.6; +1 more | 2023-08-30
In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine.
nvd
CVE-2023-22934 | P3 | HIGH | CVSS 8.0 | CWE-20 | ≥ 8.1, < 8.1.13; ≥ 8.2, < 8.2.10; +1 more | 2023-02-14
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user to initiate a request within their browser.
nvd
CVE-2022-43566 | P3 | HIGH | CVSS 8.0 | CWE-20 | ≥ 8.1, < 8.1.12; ≥ 8.2, < 8.2.9; +1 more | 2022-11-04
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands (https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards) in the Analytics Workspace. The vulnerability requires the attacker to phish the
nvd
CVE-2024-29945 | P3 | HIGH | CVSS 7.2 | CWE-532 | ≥ 9.2, < 9.2.1; ≥ 9.1, < 9.1.4; +1 more | 2024-03-27
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure happens when either Splunk Enterprise runs in debug mode or the JsonWebToken component has been configured to log its activity at the DEBUG logging level.
nvd
CVE-2026-20164 | P3 | MEDIUM | CVSS 6.5 | CWE-200 | ≥ 10.0, < 10.0.3; ≥ 9.4, < 9.4.9; +1 more | 2026-03-11
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123, a low-privileged user that does not hold the "admin" or "power" Splunk roles could access the `/splunkd/__raw/servicesNS/-/-/configs/conf-passwords` REST API endpoint, which expose
nvd
CVE-2024-45731 | P3 | HIGH | CVSS 8.0 | CWE-23 | ≥ 9.3, < 9.3.1; ≥ 9.2, < 9.2.3; +1 more | 2024-10-14
In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for Windows is installed on a separate drive.
nvd
CVE-2022-32152 | P3 | HIGH | CVSS 7.2 | CWE-295 | ≥ 9.0, < 9.0 | 2022-06-15
Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could
nvd