Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Splunk Enterprise — Vulnerabilities & Security Advisories 147

All 147 CVE vulnerabilities found in Splunk Enterprise, with AI-generated Chinese analysis, references, and POCs.

Vendor: Splunk Inc.

CVE IDTitleCVSSSeverityPublished
CVE-2022-43564 Denial of Service in Splunk Enterprise through search macros CWE-400 4.9 Medium2022-11-04
CVE-2022-43563 Risky command safeguards bypass via rex search command field names in Splunk Enterprise CWE-20 8.1 High2022-11-04
CVE-2022-43562 Host Header Injection in Splunk Enterprise CWE-20 3.0 Low2022-11-04
CVE-2022-43571 Remote Code Execution through dashboard PDF generation component in Splunk Enterprise CWE-94 8.8 High2022-11-03
CVE-2022-43561 Persistent Cross-Site Scripting in “Save Table” Dialog in Splunk Enterprise CWE-79 6.4 Medium2022-11-03
CVE-2022-37437 Ingest Actions UI in Splunk Enterprise 9.0.0 disabled TLS certificate validation CWE-295 7.4 High2022-08-16
CVE-2022-37439 Malformed ZIP file crashes Universal Forwarders and Splunk Enterprise through file monitoring input CWE-409 5.5 Medium2022-08-16
CVE-2022-37438 Information disclosure via the dashboard drilldown in Splunk Enterprise CWE-200 2.6 Low2022-08-16
CVE-2022-32158 Splunk Enterprise deployment servers allow client publishing of forwarder bundles CWE-284 9.0 Critical2022-06-15
CVE-2022-32157 Splunk Enterprise deployment servers allow unauthenticated forwarder bundle downloads CWE-306 7.5 High2022-06-15
CVE-2022-32154 Risky commands warnings in Splunk Enterprise Dashboards CWE-20 6.8 Medium2022-06-15
CVE-2022-32153 Splunk Enterprise lacked TLS host name validation CWE-297 8.1 High2022-06-15
CVE-2022-32152 Splunk Enterprise lacked TLS cert validation for Splunk-to-Splunk communication by default CWE-295 8.1 High2022-06-15
CVE-2022-32151 Splunk Enterprise disabled TLS validation using the CA certificate stores in Python 3 libraries by default CWE-295 7.4 High2022-06-15
CVE-2022-32156 Splunk Enterprise and Universal Forwarder CLI connections lacked TLS cert validation CWE-295 8.1 High2022-06-14
CVE-2022-27183 Reflected XSS in a query parameter of the Monitoring Console CWE-79 8.8 High2022-05-06
CVE-2022-26889 Path Traversal in search parameter results in external content injection CWE-20 8.8 High2022-05-06
CVE-2022-26070 Error message discloses internal path CWE-200 4.3 Medium2022-05-06
CVE-2021-42743 Local privilege escalation via a default path in Splunk Enterprise Windows CWE-427 8.8 High2022-05-06
CVE-2021-33845 Username enumeration through lockout message in REST API CWE-203 5.3 Medium2022-05-06
CVE-2021-31559 S2S TcpToken authentication bypass CWE-288 7.5 High2022-05-06
CVE-2021-26253 Bypass of Splunk Enterprise's implementation of DUO MFA CWE-287 8.1 High2022-05-06
CVE-2021-3422 Indexer denial-of-service via malformed S2S request CWE-125 7.5 High2022-03-25
CVE-2016-4856 Splunk Enterprise和Splunk Light 跨站脚本漏洞 4.8 -2017-05-12
CVE-2016-4857 Splunk Enterprise和Splunk Light 安全漏洞 6.1 -2017-05-12
CVE-2016-4858 Splunk Enterprise和Splunk Light 跨站脚本漏洞 4.8 -2017-05-12
CVE-2016-4859 Splunk Enterprise和Splunk Light 安全漏洞 6.1 -2017-05-12

All 147 known CVE vulnerabilities affecting Splunk Enterprise with full Chinese analysis, references, and POCs where available.