Latest Splunk Security Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2014-08-12 CVE-2014-5197 Path Traversal vulnerability in Splunk 6.1.2/6.1/6.1.1
Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a ..
4.0
2014-08-12 CVE-2014-5198 Cross-Site Scripting vulnerability in Splunk 6.1.2/6.1/6.1.1
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.3 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.
4.3
2014-08-07 CVE-2013-6771 Path Traversal vulnerability in Splunk
Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a ..
9.3
2014-08-07 CVE-2013-7394 Code Injection vulnerability in Splunk
The "runshellscript echo.sh" script in Splunk before 5.0.5 allows remote authenticated users to execute arbitrary commands via a crafted string.
9.0
2014-04-02 CVE-2014-2578 Cross-Site Scripting vulnerability in Splunk
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3
2014-01-23 CVE-2012-6447 Cross-Site Scripting vulnerability in Splunk 5.0/5.0.2/5.0.1
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 5.0.0 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3
2013-11-25 CVE-2013-6870 Cross-Site Scripting vulnerability in Splunk
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3
2013-04-10 CVE-2013-2766 Cross-Site Scripting vulnerability in Splunk
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.3.0 through 4.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3
2012-08-17 CVE-2012-1908 Cross-Site Scripting vulnerability in Splunk
Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
4.3
2012-01-03 CVE-2011-4642 Cross-Site Request Forgery (CSRF) vulnerability in Splunk
mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to the search application, as demonstrated by a cross-site request forgery (CSRF) attack, aka SPL-45172.
4.6