Splunk Enterprise vulnerabilities
149 known vulnerabilities affecting splunk/splunk_enterprise.
Total CVEs
149
CISA KEV
1
actively exploited
Public exploits
6
Exploited in wild
2
Severity breakdown
CRITICAL2HIGH45MEDIUM95LOW7
Vulnerabilities
Page 8 of 8
CVE-2023-22942P4MEDIUMCVSS 4.3≥ 8.1, < 8.1.13≥ 8.2, < 8.2.10+1 more2023-02-14
CVE-2023-22942 [MEDIUM] CWE-352 CVE-2023-22942: In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the S
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the ‘kvstore_client’ REST endpoint lets a potential attacker update SSG KV store collections using an HTTP GET request.
nvd
CVE-2025-20322P4MEDIUMCVSS 4.3≥ 9.4, < 9.4.3≥ 9.3, < 9.3.5+2 more2025-07-07
CVE-2025-20322 [MEDIUM] CWE-352 CVE-2025-20322: In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versi
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, an unauthenticated attacker could send a specially-crafted SPL search command that could trigger a rolling restart in the Search Head Cluster through a Cross-Site Request Forgery (CSRF), potentia
nvd
CVE-2025-20379P4LOWCVSS 3.5≥ 10.0, < 10.0.1≥ 9.4, < 9.4.5+2 more2025-11-12
CVE-2025-20379 [LOW] CWE-200 CVE-2025-20379: In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versio
In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the S
nvd
CVE-2024-36995P4LOWCVSS 3.5≥ 9.2, < 9.2.2≥ 9.1, < 9.1.5+1 more2024-07-01
CVE-2024-36995 [LOW] CWE-862 CVE-2024-36995: In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions belo
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items.
nvd
CVE-2022-37438P4LOWCVSS 3.5≥ 9.0, < 9.0.1≥ 8.2, < 8.2.7.1+1 more2022-08-16
CVE-2022-37438 [LOW] CWE-200 CVE-2022-37438: In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard th
In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web.
nvd
CVE-2024-23676P4LOWCVSS 3.5≥ 9.0, < 9.0.8≥ 9.1, < 9.1.32024-01-22
CVE-2024-23676 [LOW] CWE-20 CVE-2024-23676: In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view
In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit.
nvd
CVE-2024-45737P4LOWCVSS 3.5≥ 9.3, < 9.3.1≥ 9.2, < 9.2.3+1 more2024-10-14
CVE-2024-45737 [LOW] CWE-352 CVE-2024-45737: In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF).
nvd
CVE-2025-20388P4LOWCVSS 2.7≥ 10.0, < 10.0.1≥ 9.4, < 9.4.6+2 more2025-12-03
CVE-2025-20388 [LOW] CWE-918 CVE-2025-20388: In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform vers
In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116, a user who holds a role that contains the high privilege capability `change_authentication` could enumerate internal IP addresses and network ports when adding new search peers to a Splunk search hea
nvd
CVE-2023-32712P4LOWCVSS 3.1≥ 8.2, < 8.2.11.2≥ 9.0, < 9.0.5.1+1 more2023-06-01
CVE-2023-32712 [LOW] CWE-117 CVE-2023-32712: In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American
In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards Institute (ANSI) escape codes into Splunk log files that, when a vulnerable terminal application reads them, can potentially, at worst, result in possible code execution in the vulnerable application. This attack requires a user to use
nvd
← Previous8 / 8