Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Splunk — Vulnerabilities & Security Advisories 155

Browse all 155 CVE security advisories affecting Splunk. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Splunk:Splunk EnterpriseSplunk Add-on BuilderSplunk App for Lookup File EditingSplunk Enterprise Security (ES)Splunk MCP ServerSplunk App for StreamSplunk SOAR (On-premises)Splunk ITSISplunk App for SOARSplunk Supporting Add-on for Active DirectorySplunk/UniversalForwarder for WindowsSplunk Add-on for Palo Alto Networks
CVE IDTitleCVSSSeverityPublished
CVE-2024-23677 Server Response Disclosure in RapidDiag Salesforce.com Log File — Splunk EnterpriseCWE-532 4.3 Medium2024-01-22
CVE-2024-23675 Splunk App Key Value Store (KV Store) Improper Handling of Permissions Leads to KV Store Collection Deletion — Splunk EnterpriseCWE-284 6.5 Medium2024-01-22
CVE-2024-22164 Denial of Service of an Investigation in Splunk Enterprise Security through Investigation attachments — Splunk Enterprise Security (ES)CWE-400 4.3 Medium2024-01-09
CVE-2024-22165 Denial of Service in Splunk Enterprise Security of the Investigations manager through Investigation creation — Splunk Enterprise Security (ES)CWE-20 6.5 Medium2024-01-09
CVE-2023-46213 Cross-site Scripting (XSS) on “Show Syntax Highlighted” View in Search Page — Splunk EnterpriseCWE-79 4.8 Medium2023-11-16
CVE-2023-46214 Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing — Splunk EnterpriseCWE-91 8.0 High2023-11-16
CVE-2023-40597 Absolute Path Traversal in Splunk Enterprise Using runshellscript.py — Splunk EnterpriseCWE-36 7.8 High2023-08-30
CVE-2023-40596 Splunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definition Reference in DLL — Splunk EnterpriseCWE-665 7.0 High2023-08-30
CVE-2023-40594 Denial of Service (DoS) via the ‘printf’ Search Function — Splunk EnterpriseCWE-400 6.5 Medium2023-08-30
CVE-2023-40593 Denial of Service (DoS) in Splunk Enterprise Using a Malformed SAML Request — Splunk EnterpriseCWE-400 6.3 Medium2023-08-30
CVE-2023-4571 Unauthenticated Log Injection in Splunk IT Service Intelligence (ITSI) — Splunk ITSICWE-117 8.6 High2023-08-30
CVE-2023-40592 Reflected Cross-site Scripting (XSS) on "/app/search/table" web endpoint — Splunk EnterpriseCWE-79 8.4 High2023-08-30
CVE-2023-40595 Remote Code Execution via Serialized Session Payload — Splunk EnterpriseCWE-502 8.8 High2023-08-30
CVE-2023-40598 Command Injection in Splunk Enterprise Using External Lookups — Splunk EnterpriseCWE-77 8.5 High2023-08-30
CVE-2023-3997 Unauthenticated Log Injection In Splunk SOAR — Splunk SOAR (On-premises)CWE-117 8.6 High2023-07-31
CVE-2023-32709 Low-privileged User can View Hashed Default Splunk Password — Splunk EnterpriseCWE-285 4.3 Medium2023-06-01
CVE-2023-32707 ‘edit_user’ Capability Privilege Escalation — Splunk EnterpriseCWE-285 8.8 High2023-06-01
CVE-2023-32714 Path Traversal in Splunk App for Lookup File Editing — Splunk App for Lookup File EditingCWE-35 8.1 High2023-06-01
CVE-2023-32713 Local Privilege Escalation via the ‘streamfwd’ program in Splunk App for Stream — Splunk App for StreamCWE-269 7.8 High2023-06-01
CVE-2023-32712 Unauthenticated Log Injection in Splunk Enterprise — Splunk EnterpriseCWE-117 8.6 High2023-06-01
CVE-2023-32716 Denial of Service via the 'dump' SPL command — Splunk EnterpriseCWE-754 6.5 Medium2023-06-01
CVE-2023-32710 Information Disclosure via the ‘copyresults’ SPL Command — Splunk EnterpriseCWE-200 4.8 Medium2023-06-01
CVE-2023-32717 Role-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results — Splunk EnterpriseCWE-285 4.3 Medium2023-06-01
CVE-2023-32715 Self Cross-Site Scripting (XSS) on Splunk App for Lookup File Editing — Splunk App for Lookup File EditingCWE-79 4.7 Medium2023-06-01
CVE-2023-32706 Denial Of Service due to Untrusted XML Tag in XML Parser within SAML Authentication — Splunk EnterpriseCWE-611 7.7 High2023-06-01
CVE-2023-32711 Persistent Cross-Site Scripting (XSS) through a URL Validation Bypass within a Dashboard View — Splunk EnterpriseCWE-79 5.4 Medium2023-06-01
CVE-2023-32708 HTTP Response Splitting via the ‘rest’ SPL Command — Splunk EnterpriseCWE-113 7.2 High2023-06-01
CVE-2023-22939 SPL Command Safeguards Bypass via the ‘map’ SPL Command in Splunk Enterprise — Splunk EnterpriseCWE-20 8.1 High2023-02-14
CVE-2023-22938 Permissions Validation Failure in the ‘sendemail’ REST API Endpoint in Splunk Enterprise — Splunk EnterpriseCWE-285 4.3 Medium2023-02-14
CVE-2023-22937 Unnecessary File Extensions Allowed by Lookup Table Uploads in Splunk Enterprise — Splunk EnterpriseCWE-20 4.3 Medium2023-02-14

This page lists every published CVE security advisory associated with Splunk. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.