Vulnerabilities > Splunk > Cloud > High

DATE CVE VULNERABILITY TITLE RISK
2024-07-01 CVE-2024-36982 NULL Pointer Dereference vulnerability in Splunk Cloud and Splunk
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an attacker could trigger a null pointer reference on the cluster/config REST endpoint, which could result in a crash of the Splunk daemon.
network
low complexity
splunk CWE-476
7.5
2023-11-16 CVE-2023-46214 XML Injection (aka Blind XPath Injection) vulnerability in Splunk Cloud and Splunk
In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply.
network
low complexity
splunk CWE-91
8.8