cbcvebase.

Splunk Enterprise vulnerabilities

149 known vulnerabilities affecting splunk/splunk_enterprise.

Total CVEs
149
CISA KEV
1
actively exploited
Public exploits
6
Exploited in wild
2
Severity breakdown
CRITICAL2HIGH45MEDIUM95LOW7

Vulnerabilities

Page 6 of 8
CVE-2026-20138P4MEDIUMCVSS 4.9≥ 10.0, < 10.0.2≥ 9.4, < 9.4.7+2 more2026-02-18
CVE-2026-20138 [MEDIUM] CWE-532 CVE-2026-20138: In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Sea In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the Splunk `_internal` index could view the `integrationKey`, `secretKey`, and `appSecretKey` secrets, generated by [Duo Two-Factor Authentication for Splunk Enterprise](https://duo.com
nvd
CVE-2024-36993P4MEDIUMCVSS 5.4≥ 9.2, < 9.2.2≥ 9.1, < 9.1.5+1 more2024-07-01
CVE-2024-36993 [MEDIUM] CWE-79 CVE-2024-36993: In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions belo In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the brows
nvd
CVE-2024-45740P4MEDIUMCVSS 5.4≥ 9.2, < 9.2.3≥ 9.1, < 9.1.62024-10-14
CVE-2024-45740 [MEDIUM] CWE-79 CVE-2024-45740: In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.240 In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript code in the browser of a user.
nvd
CVE-2024-36994P4MEDIUMCVSS 5.4≥ 9.2, < 9.2.2≥ 9.1, < 9.1.5+1 more2024-07-01
CVE-2024-36994 [MEDIUM] CWE-79 CVE-2024-36994: In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions belo In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View and Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in
nvd
CVE-2023-32710P4MEDIUMCVSS 5.3≥ 8.1, < 8.1.14≥ 8.2, < 8.2.11+1 more2023-06-01
CVE-2023-32710 [MEDIUM] CWE-200 CVE-2023-32710: In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run.
nvd
CVE-2024-36996P4MEDIUMCVSS 5.3≥ 9.2, < 9.2.2≥ 9.1, < 9.1.5+1 more2024-07-01
CVE-2024-36996 [MEDIUM] CWE-204 CVE-2024-36996: In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions belo In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additiona
nvd
CVE-2025-20228P4MEDIUMCVSS 6.5≥ 9.3, < 9.3.3≥ 9.2, < 9.2.5+1 more2025-03-26
CVE-2025-20228 [MEDIUM] CWE-352 CVE-2025-20228: In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF).
nvd
CVE-2024-36992P4MEDIUMCVSS 5.4≥ 9.2, < 9.2.2≥ 9.1, < 9.1.5+1 more2024-07-01
CVE-2024-36992 [MEDIUM] CWE-79 CVE-2024-36992: In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions belo In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user. The “url”
nvd
CVE-2024-45739P4MEDIUMCVSS 4.9≥ 9.3, < 9.3.1≥ 9.2, < 9.2.3+1 more2024-10-14
CVE-2024-45739 [MEDIUM] CWE-200 CVE-2024-45739: In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaint In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level.
nvd
CVE-2023-40592P4MEDIUMCVSS 6.1≥ 8.2, < 8.2.12≥ 9.0, < 9.0.6+1 more2023-08-30
CVE-2023-40592 [MEDIUM] CWE-79 CVE-2023-40592: In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web re In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance.
nvd
CVE-2024-23677P4MEDIUMCVSS 5.3≥ 9.0, < 9.0.82024-01-22
CVE-2024-23677 [MEDIUM] CWE-532 CVE-2024-23677: In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses f In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file.
nvd
CVE-2025-20370P4MEDIUMCVSS 4.9≥ 10.0, < 10.0.1≥ 9.4, < 9.4.4+2 more2025-10-01
CVE-2025-20370 [MEDIUM] CWE-400 CVE-2025-20370: In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versi In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability `change_authentication`, could send multiple LDAP bind requests to a specific internal endpoint, resulting in high server CPU us
nvd
CVE-2023-22933P4MEDIUMCVSS 6.1≥ 8.1, < 8.1.13≥ 8.2, < 8.2.10+1 more2023-02-14
CVE-2023-22933 [MEDIUM] CWE-79 CVE-2023-22933: In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scriptin In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag’.
nvd
CVE-2022-27183P4MEDIUMCVSS 6.1vVersion(s) before 8.1.42022-05-06
CVE-2022-27183 [MEDIUM] CWE-79 CVE-2022-27183: The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query para The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on SplunkBase, and not installed on Splunk Cloud Platform instances. Note that the Cloud Monitoring Console is
nvd
CVE-2022-43569P4MEDIUMCVSS 5.4≥ 8.1, < 8.1.12≥ 8.2, < 8.2.9+1 more2022-11-04
CVE-2022-43569 [MEDIUM] CWE-79 CVE-2022-43569: In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and s In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model.
nvd
CVE-2021-33845P4MEDIUMCVSS 5.3vVersion(s) before 8.1.72022-05-06
CVE-2021-33845 [MEDIUM] CWE-203 CVE-2021-33845: The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The po The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors.
nvd
CVE-2022-43562P4MEDIUMCVSS 5.4≥ 8.1, < 8.1.12≥ 8.2, < 8.2.9+1 more2022-11-04
CVE-2022-43562 [MEDIUM] CWE-20 CVE-2022-43562: In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly va In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning.
nvd
CVE-2025-20385P4MEDIUMCVSS 4.8≥ 10.0, < 10.0.2≥ 9.4, < 9.4.6+2 more2025-12-03
CVE-2025-20385 [MEDIUM] CWE-79 CVE-2025-20385: In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform vers In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability `admin_all_objects` could craft a malicious payload through the href attribute of an anchor tag within a collection in the navigation bar, w
nvd
CVE-2023-32709P4MEDIUMCVSS 4.3≥ 8.1, < 8.1.14≥ 8.2, < 8.2.11+1 more2023-06-01
CVE-2023-32709 [MEDIUM] CWE-285 CVE-2023-32709: In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions be In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint.
nvd
CVE-2026-20203P4MEDIUMCVSS 4.3≥ 10.2, < 10.2.2≥ 10.0, < 10.0.5+2 more2026-04-15
CVE-2026-20203 [MEDIUM] CWE-284 CVE-2026-20203: In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform ve In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles, has write permission on the app, and does not hold the high-privilege capa
nvd
Splunk Enterprise vulnerabilities | cvebase