Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Splunk Enterprise — Vulnerabilities & Security Advisories 147

All 147 CVE vulnerabilities found in Splunk Enterprise, with AI-generated Chinese analysis, references, and POCs.

Vendor: Splunk Inc.

CVE IDTitleCVSSSeverityPublished
CVE-2024-45731 Potential Remote Command Execution (RCE) through arbitrary file write to Windows system root directory when Splunk Enterprise for Windows is installed on a separate disk CWE-23 8.0 High2024-10-14
CVE-2024-45735 Improper Access Control for low-privileged user in Splunk Secure Gateway App CWE-284 4.3 Medium2024-10-14
CVE-2024-36997 Persistent Cross-site Scripting (XSS) in conf-web/settings REST endpoint CWE-79 4.6 High2024-07-01
CVE-2024-36993 Persistent Cross-site Scripting (XSS) in Web Bulletin CWE-79 5.4 Medium2024-07-01
CVE-2024-36995 Low-privileged user could create experimental items CWE-862 4.3 Medium2024-07-01
CVE-2024-36991 Path Traversal on the “/modules/messaging/“ endpoint in Splunk Enterprise on Windows CWE-35 7.5 High2024-07-01
CVE-2024-36982 Denial of Service through null pointer reference in “cluster/config” REST endpoint CWE-476 7.5 High2024-07-01
CVE-2024-36990 Denial of Service (DoS) on the datamodel/web REST endpoint CWE-835 6.5 Medium2024-07-01
CVE-2024-36985 Remote Code Execution (RCE) through an external lookup due to “copybuckets.py“ script in the “splunk_archiver“ application in Splunk Enterprise CWE-687 8.8 High2024-07-01
CVE-2024-36992 Persistent Cross-site Scripting (XSS) in Dashboard Elements CWE-79 5.4 Medium2024-07-01
CVE-2024-36984 Remote Code Execution through Serialized Session Payload in Splunk Enterprise on Windows CWE-502 8.8 High2024-07-01
CVE-2024-36983 Command Injection using External Lookups CWE-77 8.0 High2024-07-01
CVE-2024-36986 Risky command safeguards bypass through Search ID query in Analytics Workspace CWE-200 6.3 Medium2024-07-01
CVE-2024-36996 Information Disclosure of user names CWE-204 5.3 Medium2024-07-01
CVE-2024-36994 Persistent Cross-site Scripting (XSS) in Dashboard Elements CWE-79 5.4 Medium2024-07-01
CVE-2024-36989 Low-privileged user could create notifications in Splunk Web Bulletin Messages CWE-284 6.5 High2024-07-01
CVE-2024-36987 Insecure File Upload in the indexing/preview REST endpoint CWE-434 4.3 Medium2024-07-01
CVE-2024-29945 Splunk Authentication Token Exposure in Debug Log in Splunk Enterprise CWE-532 7.2 High2024-03-27
CVE-2024-29946 Risky command safeguards bypass in Dashboard Examples Hub CWE-20 8.1 High2024-03-27
CVE-2024-23676 Sensitive Information Disclosure of Index Metrics through “mrollup” SPL Command CWE-20 4.6 Medium2024-01-22
CVE-2024-23678 Deserialization of Untrusted Data on Splunk Enterprise for Windows through Path Traversal from Separate Disk Partition CWE-20 7.5 High2024-01-22
CVE-2024-23677 Server Response Disclosure in RapidDiag Salesforce.com Log File CWE-532 4.3 Medium2024-01-22
CVE-2024-23675 Splunk App Key Value Store (KV Store) Improper Handling of Permissions Leads to KV Store Collection Deletion CWE-284 6.5 Medium2024-01-22
CVE-2023-46213 Cross-site Scripting (XSS) on “Show Syntax Highlighted” View in Search Page CWE-79 4.8 Medium2023-11-16
CVE-2023-46214 Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing CWE-91 8.0 High2023-11-16
CVE-2023-40597 Absolute Path Traversal in Splunk Enterprise Using runshellscript.py CWE-36 7.8 High2023-08-30
CVE-2023-40596 Splunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definition Reference in DLL CWE-665 7.0 High2023-08-30
CVE-2023-40594 Denial of Service (DoS) via the ‘printf’ Search Function CWE-400 6.5 Medium2023-08-30
CVE-2023-40593 Denial of Service (DoS) in Splunk Enterprise Using a Malformed SAML Request CWE-400 6.3 Medium2023-08-30
CVE-2023-40592 Reflected Cross-site Scripting (XSS) on "/app/search/table" web endpoint CWE-79 8.4 High2023-08-30

All 147 known CVE vulnerabilities affecting Splunk Enterprise with full Chinese analysis, references, and POCs where available.