Vulnerabilities > Splunk
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-06 | CVE-2021-26253 | Unspecified vulnerability in Splunk A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. network splunk | 6.8 |
| 2022-05-06 | CVE-2021-31559 | Unspecified vulnerability in Splunk A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. | 7.5 |
| 2022-05-06 | CVE-2021-33845 | Information Exposure Through Discrepancy vulnerability in Splunk The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. | 5.0 |
| 2022-05-06 | CVE-2021-42743 | Uncontrolled Search Path Element vulnerability in Splunk A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows. | 4.6 |
| 2022-05-06 | CVE-2022-26070 | Information Exposure Through an Error Message vulnerability in Splunk When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. | 4.0 |
| 2022-05-06 | CVE-2022-26889 | Path Traversal vulnerability in Splunk 8.1.0/8.1.1 In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. | 8.8 |
| 2022-05-06 | CVE-2022-27183 | Cross-site Scripting vulnerability in Splunk 8.1.0/8.1.1/8.1.2 The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. | 4.3 |
| 2022-03-25 | CVE-2021-3422 | Improper Input Validation vulnerability in Splunk The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. | 4.3 |
| 2021-09-29 | CVE-2021-22946 | Cleartext Transmission of Sensitive Information vulnerability in multiple products A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). | 7.5 |
| 2021-09-29 | CVE-2021-22947 | Insufficient Verification of Data Authenticity vulnerability in multiple products When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. | 5.9 |