Splunk Enterprise — Vulnerabilities & Security Advisories (147)

All 147 CVE vulnerabilities found in Splunk Enterprise, with AI-generated Chinese analysis, references, and POCs.

Vendor: Splunk Inc.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-40595 | Remote Code Execution via Serialized Session Payload | CWE-502 | 8.8 | High | 2023-08-30 |
| CVE-2023-40598 | Command Injection in Splunk Enterprise Using External Lookups | CWE-77 | 8.5 | High | 2023-08-30 |
| CVE-2023-32709 | Low-privileged User can View Hashed Default Splunk Password | CWE-285 | 4.3 | Medium | 2023-06-01 |
| CVE-2023-32707 | ‘edit_user’ Capability Privilege Escalation | CWE-285 | 8.8 | High | 2023-06-01 |
| CVE-2023-32712 | Unauthenticated Log Injection in Splunk Enterprise | CWE-117 | 8.6 | High | 2023-06-01 |
| CVE-2023-32716 | Denial of Service via the 'dump' SPL command | CWE-754 | 6.5 | Medium | 2023-06-01 |
| CVE-2023-32710 | Information Disclosure via the ‘copyresults’ SPL Command | CWE-200 | 4.8 | Medium | 2023-06-01 |
| CVE-2023-32717 | Role-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results | CWE-285 | 4.3 | Medium | 2023-06-01 |
| CVE-2023-32706 | Denial Of Service due to Untrusted XML Tag in XML Parser within SAML Authentication | CWE-611 | 7.7 | High | 2023-06-01 |
| CVE-2023-32711 | Persistent Cross-Site Scripting (XSS) through a URL Validation Bypass within a Dashboard View | CWE-79 | 5.4 | Medium | 2023-06-01 |
| CVE-2023-32708 | HTTP Response Splitting via the ‘rest’ SPL Command | CWE-113 | 7.2 | High | 2023-06-01 |
| CVE-2023-22939 | SPL Command Safeguards Bypass via the ‘map’ SPL Command in Splunk Enterprise | CWE-20 | 8.1 | High | 2023-02-14 |
| CVE-2023-22938 | Permissions Validation Failure in the ‘sendemail’ REST API Endpoint in Splunk Enterprise | CWE-285 | 4.3 | Medium | 2023-02-14 |
| CVE-2023-22937 | Unnecessary File Extensions Allowed by Lookup Table Uploads in Splunk Enterprise | CWE-20 | 4.3 | Medium | 2023-02-14 |
| CVE-2023-22933 | Persistent Cross-Site Scripting through the ‘module’ Tag in a View in Splunk Enterprise | CWE-79 | 8.0 | High | 2023-02-14 |
| CVE-2023-22932 | Persistent Cross-Site Scripting through a Base64-encoded Image in a View in Splunk Enterprise | CWE-79 | 8.0 | High | 2023-02-14 |
| CVE-2023-22942 | Cross-Site Request Forgery in the ‘ssg/kvstore_client’ REST Endpoint in Splunk Enterprise | CWE-352 | 5.4 | Medium | 2023-02-14 |
| CVE-2023-22936 | Authenticated Blind Server Side Request Forgery via the ‘search_listener’ Search Parameter in Splunk Enterprise | CWE-918 | 6.3 | Medium | 2023-02-14 |
| CVE-2023-22931 | ‘createrss’ External Search Command Overwrites Existing RSS Feeds in Splunk Enterprise | CWE-285 | 4.3 | Medium | 2023-02-14 |
| CVE-2023-22941 | Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon | CWE-248 | 6.5 | Medium | 2023-02-14 |
| CVE-2023-22935 | SPL Command Safeguards Bypass via the ‘display.page.search.patterns.sensitivity’ Search Parameter in Splunk Enterprise | CWE-20 | 8.1 | High | 2023-02-14 |
| CVE-2023-22934 | SPL Command Safeguards Bypass via the ‘pivot’ SPL Command in Splunk Enterprise | CWE-20 | 7.3 | High | 2023-02-14 |
| CVE-2023-22940 | SPL Command Safeguards Bypass via the ‘collect’ SPL Command Aliases in Splunk Enterprise | CWE-20 | 6.3 | Medium | 2023-02-14 |
| CVE-2022-43572 | Indexing blockage via malformed data sent through S2S or HEC protocols in Splunk Enterprise | CWE-400 | 7.5 | High | 2022-11-04 |
| CVE-2022-43570 | XML External Entity Injection through a custom View in Splunk Enterprise | CWE-611 | 8.8 | High | 2022-11-04 |
| CVE-2022-43569 | Persistent Cross-Site Scripting via a Data Model object name in Splunk Enterprise | CWE-79 | 8.0 | High | 2022-11-04 |
| CVE-2022-43568 | Reflected Cross-Site Scripting via the radio template in Splunk Enterprise | CWE-79 | 8.8 | High | 2022-11-04 |
| CVE-2022-43567 | Remote Code Execution via the Splunk Secure Gateway application Mobile Alerts feature | CWE-502 | 8.8 | High | 2022-11-04 |
| CVE-2022-43566 | Risky command safeguards bypass via Search ID query in Analytics Workspace in Splunk Enterprise | CWE-20 | 7.3 | High | 2022-11-04 |
| CVE-2022-43565 | Risky command safeguards bypass via ‘tstats’ command JSON in Splunk Enterprise | CWE-20 | 8.1 | High | 2022-11-04 |
