cvebase

Splunk Enterprise vulnerabilities

149 known vulnerabilities affecting splunk/splunk_enterprise.

Total CVEs: 149
CISA KEV: 1 (actively exploited)
Public exploits: 6
Exploited in wild: 2
Severity breakdown: CRITICAL 2, HIGH 45, MEDIUM 95, LOW 7

Vulnerabilities

Page 3 of 8

CVE-2021-3422 | P3 | HIGH | CVSS 7.5 | CWE-125 | 2022-03-25
Affected: v8.2 version(s) before 8.2.0; v8.1 version(s) before 8.1.3; +2 more
The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. The vulnerability impacts Splunk Enterprise versions before 7.3.9, 8.0 versions before 8.0.9, and 8.1 versions before 8.1.3. It does not impact Universal Forwarders. W
Source: nvd

CVE-2024-53246 | P3 | HIGH | CVSS 7.5 | CWE-319 | 2024-12-10
Affected: ≥ 9.3, < 9.3.2; ≥ 9.2, < 9.2.4; +1 more
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, such as a Risky Commands Bypass, for successful exploitatio
Source: nvd

CVE-2025-20320 | P3 | HIGH | CVSS 7.3 | CWE-35 | 2025-07-07
Affected: ≥ 9.4, < 9.4.3; ≥ 9.3, < 9.3.5; +2 more
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `User Interface - Views` configuration page that could potentially lead to a d
Source: nvd

CVE-2023-22941 | P3 | HIGH | CVSS 7.5 | CWE-248 | 2023-02-14
Affected: ≥ 8.1, < 8.1.13; ≥ 8.2, < 8.2.10; +1 more
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd).
Source: nvd

CVE-2025-20386 | P3 | MEDIUM | CVSS 6.5 | CWE-732 | 2025-12-03
Affected: ≥ 10.0, < 10.0.2; ≥ 9.4, < 9.4.6; +2 more
In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Splunk Enterprise for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents.
Source: nvd

CVE-2025-20387 | P3 | MEDIUM | CVSS 6.5 | CWE-732 | 2025-12-03
Affected: ≥ 10.0, < 10.0.2; ≥ 9.4, < 9.4.6; +2 more
In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents.
Source: nvd

CVE-2021-42743 | P3 | HIGH | CVSS 7.8 | CWE-427 | 2022-05-06
Affected: v8.1 version(s) before 8.1.1
A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows.
Source: nvd

CVE-2026-20202 | P3 | MEDIUM | CVSS 6.6 | CWE-176 | 2026-04-15
Affected: ≥ 10.2, < 10.2.2; ≥ 10.0, < 10.0.5; +2 more
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, a user who holds a role that contains the high-privilege capability `edit_user` could create a specially crafted username that includes a null byte or a
Source: nvd

CVE-2026-20239 | P3 | MEDIUM | CVSS 6.5 | CWE-532 | 2026-05-20
Affected: ≥ 10.2, < 10.2.2; ≥ 10.0, < 10.0.5
In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_internal` index could view session cookies and response bodies that contain sensitive data.
Source: nvd

CVE-2024-36987 | P3 | MEDIUM | CVSS 6.5 | CWE-434 | 2024-07-01
Affected: ≥ 9.2, < 9.2.2; ≥ 9.1, < 9.1.5; +1 more
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk roles could upload a file with an arbitrary extension using the indexing/preview REST endpoint.
Source: nvd

CVE-2025-20297 | P3 | MEDIUM | CVSS 5.4 | CWE-79 | 2025-06-02
Affected: ≥ 9.4, < 9.4.2; ≥ 9.3, < 9.3.4; +2 more
In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint that could result in execution of unauthorized JavaScript
Source: nvd

CVE-2024-45741 | P3 | MEDIUM | CVSS 5.4 | CWE-79 | 2024-10-14
Affected: ≥ 9.2, < 9.2.3; ≥ 9.1, < 9.1.6
In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" parameter from the "/manager/search/apps/local" endpoint in Spl
Source: nvd

CVE-2024-36982 | P3 | HIGH | CVSS 7.5 | CWE-476 | 2024-07-01
Affected: ≥ 9.2, < 9.2.2; ≥ 9.1, < 9.1.5; +1 more
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an attacker could trigger a null pointer reference on the cluster/config REST endpoint, which could result in a crash of the Splunk daemon.
Source: nvd

CVE-2023-40593 | P3 | HIGH | CVSS 7.5 | CWE-400 | 2023-08-30
Affected: ≥ 8.2, < 8.2.12; ≥ 9.0, < 9.0.6
In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon.
Source: nvd

CVE-2025-20366 | P3 | MEDIUM | CVSS 6.5 | CWE-284 | 2025-10-01
Affected: ≥ 10.0, < 10.0.0; ≥ 9.4, < 9.4.4; +2 more
In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.111, 9.3.2408.119, and 9.2.2406.122, a low-privileged user that does not hold the admin or power Splunk roles could access sensitive search results if Splunk Enterprise runs an administrative search job in the background. If the low privile
Source: nvd

CVE-2025-20230 | P3 | MEDIUM | CVSS 6.5 | CWE-284 | 2025-03-26
Affected: ≥ 9.4, < 9.4.1; ≥ 9.3, < 9.3.3; +2 more
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin” or “power” Splunk roles could edit and delete other user data in App Key Value Store (KVStore) collections that the Splunk Secure Gate
Source: nvd

CVE-2026-20141 | P3 | MEDIUM | CVSS 6.5 | CWE-200 | 2026-02-18
Affected: ≥ 10.0, < 10.0.3; ≥ 9.4, < 9.4.8; +1 more
In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the "admin" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure. The Monitoring Console app is a bundled app that comes with Splunk Ente
Source: nvd

CVE-2024-36997 | P3 | HIGH | CVSS 8.1 | CWE-79 | 2024-07-01
Affected: ≥ 9.2, < 9.2.2; ≥ 9.1, < 9.1.5; +1 more
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit.
Source: nvd

CVE-2019-8331 | P3 | MEDIUM | CVSS 6.1 | CWE-79 | 2019-02-20
Affected: ≥ 8.1, < 8.1.14; ≥ 8.2, < 8.2.11; +1 more
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
Source: nvd

CVE-2026-20240 | P3 | MEDIUM | CVSS 6.5 | CWE-20 | 2026-05-20
Affected: ≥ 10.2, < 10.2.2; ≥ 10.0, < 10.0.5; +2 more
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the ‘admin’ or ‘power’ Splunk roles could cause a Denial of Service by exploiting the `coldToFrozen.sh` script i
Source: nvd