Vulnerabilities > Splunk

DATE CVE VULNERABILITY TITLE RISK
2023-08-30 CVE-2023-40598 Missing Authentication for Critical Function vulnerability in Splunk
In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function.
network
low complexity
splunk CWE-306
8.8
2023-08-30 CVE-2023-4571 Improper Encoding or Escaping of Output vulnerability in Splunk IT Service Intelligence
In Splunk IT Service Intelligence (ITSI) versions below below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application.
local
low complexity
splunk CWE-116
8.6
2023-07-31 CVE-2023-3997 Improper Encoding or Escaping of Output vulnerability in Splunk Soar 6.0.1.123902
Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user’s terminal.
local
low complexity
splunk CWE-116
7.8
2023-06-01 CVE-2023-32706 XXE vulnerability in Splunk and Splunk Cloud Platform
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon.
network
low complexity
splunk CWE-611
6.5
2023-06-01 CVE-2023-32707 Unspecified vulnerability in Splunk and Splunk Cloud Platform
In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.
network
low complexity
splunk
8.8
2023-06-01 CVE-2023-32708 Interpretation Conflict vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the ‘rest’ SPL command that lets them potentially access other REST endpoints in the system arbitrarily.
network
low complexity
splunk CWE-436
8.8
2023-06-01 CVE-2023-32709 Unspecified vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions below 9.0.5, 8.2.11.
network
low complexity
splunk
4.3
2023-06-01 CVE-2023-32710 Unspecified vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run.
network
high complexity
splunk
5.3
2023-06-01 CVE-2023-32711 Cross-site Scripting vulnerability in Splunk
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a stored cross-site scripting (XSS) payload.
network
low complexity
splunk CWE-79
5.4
2023-06-01 CVE-2023-32712 Improper Encoding or Escaping of Output vulnerability in Splunk
In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards Institute (ANSI) escape codes into Splunk log files that, when a vulnerable terminal application reads them, can potentially, at worst, result in possible code execution in the vulnerable application.
network
high complexity
splunk CWE-116
3.1