Splunk — Vulnerabilities & Security Advisories (155)

Browse all 155 CVE security advisories affecting Splunk. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2024-45737 | Maintenance mode state change of App Key Value Store (KVStore) through Cross-Site Request Forgery (CSRF) — Splunk Enterprise CWE-352 | 4.3 | Medium | 2024-10-14 |
| CVE-2024-45732 | Low-privileged user could run search as nobody in SplunkDeploymentServerConfig app — Splunk Enterprise CWE-862 | 7.1 | High | 2024-10-14 |
| CVE-2024-45733 | Remote Code Execution (RCE) due to insecure session storage configuration in Splunk Enterprise on Windows — Splunk Enterprise CWE-502 | 8.8 | High | 2024-10-14 |
| CVE-2024-45736 | Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon — Splunk Enterprise CWE-400 | 6.5 | Medium | 2024-10-14 |
| CVE-2024-45741 | Persistent Cross-Site Scripting (XSS) via props.conf on Splunk Enterprise — Splunk Enterprise CWE-79 | 5.4 | Medium | 2024-10-14 |
| CVE-2024-45734 | Low Privilege User can View Images on the Host Machine by using the PDF Export feature in Splunk Classic Dashboard — Splunk Enterprise CWE-284 | 4.3 | Medium | 2024-10-14 |
| CVE-2024-45740 | Persistent Cross-Site Scripting (XSS) through Scheduled Views on Splunk Enterprise — Splunk Enterprise CWE-79 | 5.4 | Medium | 2024-10-14 |
| CVE-2024-45731 | Potential Remote Command Execution (RCE) through arbitrary file write to Windows system root directory when Splunk Enterprise for Windows is installed on a separate disk — Splunk Enterprise CWE-23 | 8.0 | High | 2024-10-14 |
| CVE-2024-45735 | Improper Access Control for low-privileged user in Splunk Secure Gateway App — Splunk Enterprise CWE-284 | 4.3 | Medium | 2024-10-14 |
| CVE-2024-36997 | Persistent Cross-site Scripting (XSS) in conf-web/settings REST endpoint — Splunk Enterprise CWE-79 | 4.6 | High | 2024-07-01 |
| CVE-2024-36993 | Persistent Cross-site Scripting (XSS) in Web Bulletin — Splunk Enterprise CWE-79 | 5.4 | Medium | 2024-07-01 |
| CVE-2024-36995 | Low-privileged user could create experimental items — Splunk Enterprise CWE-862 | 4.3 | Medium | 2024-07-01 |
| CVE-2024-36991 | Path Traversal on the “/modules/messaging/” endpoint in Splunk Enterprise on Windows — Splunk Enterprise CWE-35 | 7.5 | High | 2024-07-01 |
| CVE-2024-36982 | Denial of Service through null pointer reference in “cluster/config” REST endpoint — Splunk Enterprise CWE-476 | 7.5 | High | 2024-07-01 |
| CVE-2024-36990 | Denial of Service (DoS) on the datamodel/web REST endpoint — Splunk Enterprise CWE-835 | 6.5 | Medium | 2024-07-01 |
| CVE-2024-36985 | Remote Code Execution (RCE) through an external lookup due to “copybuckets.py” script in the “splunk_archiver” application in Splunk Enterprise — Splunk Enterprise CWE-687 | 8.8 | High | 2024-07-01 |
| CVE-2024-36992 | Persistent Cross-site Scripting (XSS) in Dashboard Elements — Splunk Enterprise CWE-79 | 5.4 | Medium | 2024-07-01 |
| CVE-2024-36984 | Remote Code Execution through Serialized Session Payload in Splunk Enterprise on Windows — Splunk Enterprise CWE-502 | 8.8 | High | 2024-07-01 |
| CVE-2024-36983 | Command Injection using External Lookups — Splunk Enterprise CWE-77 | 8.0 | High | 2024-07-01 |
| CVE-2024-36986 | Risky command safeguards bypass through Search ID query in Analytics Workspace — Splunk Enterprise CWE-200 | 6.3 | Medium | 2024-07-01 |
| CVE-2024-36996 | Information Disclosure of user names — Splunk Enterprise CWE-204 | 5.3 | Medium | 2024-07-01 |
| CVE-2024-36994 | Persistent Cross-site Scripting (XSS) in Dashboard Elements — Splunk Enterprise CWE-79 | 5.4 | Medium | 2024-07-01 |
| CVE-2024-36989 | Low-privileged user could create notifications in Splunk Web Bulletin Messages — Splunk Enterprise CWE-284 | 6.5 | High | 2024-07-01 |
| CVE-2024-36987 | Insecure File Upload in the indexing/preview REST endpoint — Splunk Enterprise CWE-434 | 4.3 | Medium | 2024-07-01 |
| CVE-2024-29945 | Splunk Authentication Token Exposure in Debug Log in Splunk Enterprise — Splunk Enterprise CWE-532 | 7.2 | High | 2024-03-27 |
| CVE-2024-29946 | Risky command safeguards bypass in Dashboard Examples Hub — Splunk Enterprise CWE-20 | 8.1 | High | 2024-03-27 |
| CVE-2023-46230 | Sensitive Information Disclosure to Internal Log Files in Splunk Add-on Builder — Splunk Add-on Builder CWE-532 | 8.2 | High | 2024-01-30 |
| CVE-2023-46231 | Session Token Disclosure to Internal Log Files in Splunk Add-on Builder — Splunk Add-on Builder CWE-532 | 8.8 | Medium | 2024-01-30 |
| CVE-2024-23676 | Sensitive Information Disclosure of Index Metrics through “mrollup” SPL Command — Splunk Enterprise CWE-20 | 4.6 | Medium | 2024-01-22 |
| CVE-2024-23678 | Deserialization of Untrusted Data on Splunk Enterprise for Windows through Path Traversal from Separate Disk Partition — Splunk Enterprise CWE-20 | 7.5 | High | 2024-01-22 |

This page lists every published CVE security advisory associated with Splunk. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.