Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Splunk — Vulnerabilities & Security Advisories 155

Browse all 155 CVE security advisories affecting Splunk. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Splunk:Splunk EnterpriseSplunk Add-on BuilderSplunk App for Lookup File EditingSplunk Enterprise Security (ES)Splunk MCP ServerSplunk App for StreamSplunk SOAR (On-premises)Splunk ITSISplunk App for SOARSplunk Supporting Add-on for Active DirectorySplunk/UniversalForwarder for WindowsSplunk Add-on for Palo Alto Networks
CVE IDTitleCVSSSeverityPublished
CVE-2023-22943 Modular Input REST API Requests Connect via HTTP after Certificate Validation Failure in Splunk Add-on Builder and Splunk CloudConnect SDK — Splunk Add-on BuilderCWE-636 4.8 Medium2023-02-14
CVE-2023-22933 Persistent Cross-Site Scripting through the ‘module’ Tag in a View in Splunk Enterprise — Splunk EnterpriseCWE-79 8.0 High2023-02-14
CVE-2023-22932 Persistent Cross-Site Scripting through a Base64-encoded Image in a View in Splunk Enterprise — Splunk EnterpriseCWE-79 8.0 High2023-02-14
CVE-2023-22942 Cross-Site Request Forgery in the ‘ssg/kvstore_client’ REST Endpoint in Splunk Enterprise — Splunk EnterpriseCWE-352 5.4 Medium2023-02-14
CVE-2023-22936 Authenticated Blind Server Side Request Forgery via the ‘search_listener’ Search Parameter in Splunk Enterprise — Splunk EnterpriseCWE-918 6.3 Medium2023-02-14
CVE-2023-22931 ‘createrss’ External Search Command Overwrites Existing RSS Feeds in Splunk Enterprise — Splunk EnterpriseCWE-285 4.3 Medium2023-02-14
CVE-2023-22941 Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon — Splunk EnterpriseCWE-248 6.5 Medium2023-02-14
CVE-2023-22935 SPL Command Safeguards Bypass via the ‘display.page.search.patterns.sensitivity’ Search Parameter in Splunk Enterprise — Splunk EnterpriseCWE-20 8.1 High2023-02-14
CVE-2023-22934 SPL Command Safeguards Bypass via the ‘pivot’ SPL Command in Splunk Enterprise — Splunk EnterpriseCWE-20 7.3 High2023-02-14
CVE-2023-22940 SPL Command Safeguards Bypass via the ‘collect’ SPL Command Aliases in Splunk Enterprise — Splunk EnterpriseCWE-20 6.3 Medium2023-02-14
CVE-2022-43572 Indexing blockage via malformed data sent through S2S or HEC protocols in Splunk Enterprise — Splunk EnterpriseCWE-400 7.5 High2022-11-04
CVE-2022-43570 XML External Entity Injection through a custom View in Splunk Enterprise — Splunk EnterpriseCWE-611 8.8 High2022-11-04
CVE-2022-43569 Persistent Cross-Site Scripting via a Data Model object name in Splunk Enterprise — Splunk EnterpriseCWE-79 8.0 High2022-11-04
CVE-2022-43568 Reflected Cross-Site Scripting via the radio template in Splunk Enterprise — Splunk EnterpriseCWE-79 8.8 High2022-11-04
CVE-2022-43567 Remote Code Execution via the Splunk Secure Gateway application Mobile Alerts feature — Splunk EnterpriseCWE-502 8.8 High2022-11-04
CVE-2022-43566 Risky command safeguards bypass via Search ID query in Analytics Workspace in Splunk Enterprise — Splunk EnterpriseCWE-20 7.3 High2022-11-04
CVE-2022-43565 Risky command safeguards bypass via ‘tstats command JSON in Splunk Enterprise — Splunk EnterpriseCWE-20 8.1 High2022-11-04
CVE-2022-43564 Denial of Service in Splunk Enterprise through search macros — Splunk EnterpriseCWE-400 4.9 Medium2022-11-04
CVE-2022-43563 Risky command safeguards bypass via rex search command field names in Splunk Enterprise — Splunk EnterpriseCWE-20 8.1 High2022-11-04
CVE-2022-43562 Host Header Injection in Splunk Enterprise — Splunk EnterpriseCWE-20 3.0 Low2022-11-04
CVE-2022-43571 Remote Code Execution through dashboard PDF generation component in Splunk Enterprise — Splunk EnterpriseCWE-94 8.8 High2022-11-03
CVE-2022-43561 Persistent Cross-Site Scripting in “Save Table” Dialog in Splunk Enterprise — Splunk EnterpriseCWE-79 6.4 Medium2022-11-03
CVE-2022-37437 Ingest Actions UI in Splunk Enterprise 9.0.0 disabled TLS certificate validation — Splunk EnterpriseCWE-295 7.4 High2022-08-16
CVE-2022-37439 Malformed ZIP file crashes Universal Forwarders and Splunk Enterprise through file monitoring input — Splunk EnterpriseCWE-409 5.5 Medium2022-08-16
CVE-2022-37438 Information disclosure via the dashboard drilldown in Splunk Enterprise — Splunk EnterpriseCWE-200 2.6 Low2022-08-16
CVE-2022-32152 Splunk Enterprise lacked TLS cert validation for Splunk-to-Splunk communication by default — Splunk EnterpriseCWE-295 8.1 High2022-06-15
CVE-2022-32156 Splunk Enterprise and Universal Forwarder CLI connections lacked TLS cert validation — Splunk EnterpriseCWE-295 8.1 High2022-06-14
CVE-2022-27183 Reflected XSS in a query parameter of the Monitoring Console — Splunk EnterpriseCWE-79 8.8 High2022-05-06
CVE-2022-26889 Path Traversal in search parameter results in external content injection — Splunk EnterpriseCWE-20 8.8 High2022-05-06
CVE-2022-26070 Error message discloses internal path — Splunk EnterpriseCWE-200 4.3 Medium2022-05-06

This page lists every published CVE security advisory associated with Splunk. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.