Vulnerabilities > Splunk
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-26 | CVE-2022-22576 | Missing Authentication for Critical Function vulnerability in multiple products An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. | 8.1 |
| 2022-05-06 | CVE-2021-26253 | Unspecified vulnerability in Splunk A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. | 8.1 |
| 2022-05-06 | CVE-2021-31559 | Unspecified vulnerability in Splunk A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. | 7.5 |
| 2022-05-06 | CVE-2021-33845 | Information Exposure Through Discrepancy vulnerability in Splunk The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. | 5.3 |
| 2022-05-06 | CVE-2021-42743 | Uncontrolled Search Path Element vulnerability in Splunk A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows. | 7.8 |
| 2022-05-06 | CVE-2022-26070 | Information Exposure Through an Error Message vulnerability in Splunk When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. | 4.3 |
| 2022-05-06 | CVE-2022-26889 | Path Traversal vulnerability in Splunk 8.1.0/8.1.1 In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. | 8.8 |
| 2022-05-06 | CVE-2022-27183 | Cross-site Scripting vulnerability in Splunk 8.1.0/8.1.1/8.1.2 The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. | 6.1 |
| 2022-03-25 | CVE-2021-3422 | Improper Input Validation vulnerability in Splunk The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. | 7.5 |
| 2021-09-29 | CVE-2021-22946 | Cleartext Transmission of Sensitive Information vulnerability in multiple products A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). | 7.5 |