Splunk Enterprise vulnerabilities

139 known vulnerabilities affecting splunk/splunk_enterprise.

Total CVEs: 139
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 43, MEDIUM 88, LOW 7

Vulnerabilities

Page 3 of 7
CVE-2025-20232 | MEDIUM | CVSS 5.7 | ≥ 9.3, < 9.3.3; ≥ 9.2, < 9.2.5; +1 more | 2025-03-26
CVE-2025-20232 [MEDIUM] CWE-200: In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208 and 9.1.2308.212, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to b
cvelistv5, nvd
CVE-2025-20227 | MEDIUM | CVSS 4.3 | ≥ 9.4, < 9.4.1; ≥ 9.3, < 9.3.3; +2 more | 2025-03-26
CVE-2025-20227 [MEDIUM] CWE-20: In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could bypass the external content warning modal dialog box in Dashboard Studio dashboards whi
cvelistv5, nvd
CVE-2025-20230 | MEDIUM | CVSS 6.5 | ≥ 9.4, < 9.4.1; ≥ 9.3, < 9.3.3; +2 more | 2025-03-26
CVE-2025-20230 [MEDIUM] CWE-284: In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles could edit and delete other user data in App Key Value Store (KVStore) collections that the Splunk Secure Gate
cvelistv5, nvd
CVE-2025-20228 | MEDIUM | CVSS 6.5 | ≥ 9.3, < 9.3.3; ≥ 9.2, < 9.2.5; +1 more | 2025-03-26
CVE-2025-20228 [MEDIUM] CWE-352: In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF).
cvelistv5, nvd
CVE-2025-20231 | MEDIUM | CVSS 5.7 | ≥ 9.4, < 9.4.1; ≥ 9.3, < 9.3.3; +2 more | 2025-03-26
CVE-2025-20231 [MEDIUM] CWE-532: In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a search using the permissions of a higher-privileged user that could lead to disclosure of sensitiv
cvelistv5, nvd
CVE-2025-20226 | MEDIUM | CVSS 5.7 | ≥ 9.4, < 9.4.1; ≥ 9.3, < 9.3.3; +2 more | 2025-03-26
CVE-2025-20226 [MEDIUM] CWE-200: In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.111, and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safegu
cvelistv5, nvd
CVE-2024-53247 | HIGH | CVSS 8.8 | ≥ 9.3, < 9.3.2; ≥ 9.2, < 9.2.4; +1 more | 2024-12-10
CVE-2024-53247 [HIGH] CWE-502: In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.4.261 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE).
cvelistv5, nvd
CVE-2024-53246 | HIGH | CVSS 7.5 | ≥ 9.3, < 9.3.2; ≥ 9.2, < 9.2.4; +1 more | 2024-12-10
CVE-2024-53246 [HIGH] CWE-319: In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, such as a Risky Commands Bypass, for successful exploitatio
cvelistv5, nvd
CVE-2024-53245 | MEDIUM | CVSS 4.3 | ≥ 9.2, < 9.2.4; ≥ 9.1, < 9.1.7 | 2024-12-10
CVE-2024-53245 [MEDIUM] CWE-200: In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the "admin" or "power" Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard.
cvelistv5, nvd
CVE-2024-53244 | MEDIUM | CVSS 5.7 | ≥ 9.3, < 9.3.2; ≥ 9.2, < 9.2.4; +1 more | 2024-12-10
CVE-2024-53244 [MEDIUM] CWE-200: In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards fo
cvelistv5, nvd
CVE-2024-53243 | MEDIUM | CVSS 4.3 | ≥ 9.3, < 9.3.2; ≥ 9.2, < 9.2.4; +1 more | 2024-12-10
CVE-2024-53243 [MEDIUM] CWE-200: In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles could see alert search query responses using Splunk Secure Gateway App Key Value Store (KVstore) collections e
cvelistv5, nvd
CVE-2024-45731 | HIGH | CVSS 8.0 | ≥ 9.3, < 9.3.1; ≥ 9.2, < 9.2.3; +1 more | 2024-10-14
CVE-2024-45731 [HIGH] CWE-23: In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for Windows is installed on a separate drive.
cvelistv5, nvd
CVE-2024-45733 | HIGH | CVSS 8.8 | ≥ 9.2, < 9.2.3; ≥ 9.1, < 9.1.6 | 2024-10-14
CVE-2024-45733 [HIGH] CWE-502: In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration.
cvelistv5, nvd
CVE-2024-45738 | MEDIUM | CVSS 4.9 | ≥ 9.3, < 9.3.1; ≥ 9.2, < 9.2.3; +1 more | 2024-10-14
CVE-2024-45738 [MEDIUM] CWE-200: In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG logging level.
cvelistv5, nvd
CVE-2024-45739 | MEDIUM | CVSS 4.9 | ≥ 9.3, < 9.3.1; ≥ 9.2, < 9.2.3; +1 more | 2024-10-14
CVE-2024-45739 [MEDIUM] CWE-200: In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level.
cvelistv5, nvd
CVE-2024-45732 | MEDIUM | CVSS 6.5 | ≥ 9.3, < 9.3.1; ≥ 9.2, < 9.2.3 | 2024-10-14
CVE-2024-45732 [MEDIUM] CWE-862: In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a search as the "nobody" Splunk user in the SplunkDeploymentServerConfig app. This could
cvelistv5, nvd
CVE-2024-45734 | MEDIUM | CVSS 4.3 | ≥ 9.2, < 9.2.3; ≥ 9.1, < 9.1.6 | 2024-10-14
CVE-2024-45734 [MEDIUM] CWE-284: In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboards. The images on the machine could be exposed by exporting the dashboard as a PDF, using the local i
cvelistv5, nvd
CVE-2024-45740 | MEDIUM | CVSS 5.4 | ≥ 9.2, < 9.2.3; ≥ 9.1, < 9.1.6 | 2024-10-14
CVE-2024-45740 [MEDIUM] CWE-79: In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript code in the browser of a user.
cvelistv5, nvd
CVE-2024-45736 | MEDIUM | CVSS 6.5 | ≥ 9.3, < 9.3.1; ≥ 9.2, < 9.2.3; +1 more | 2024-10-14
CVE-2024-45736 [MEDIUM] CWE-400: In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly formatted "INGEST_EVAL" parameter as part of a [Field Transformation](https://doc
cvelistv5, nvd
CVE-2024-45735 | MEDIUM | CVSS 4.3 | ≥ 9.2, < 9.2.3; ≥ 9.1, < 9.1.6 | 2024-10-14
CVE-2024-45735 [MEDIUM] CWE-284: In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway A
cvelistv5, nvd