Vulnerabilities > Splunk > High

DATE CVE VULNERABILITY TITLE RISK
2023-08-30 CVE-2023-40594 Unspecified vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance.
network
low complexity
splunk
7.5
2023-08-30 CVE-2023-40595 Deserialization of Untrusted Data vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data.
network
low complexity
splunk CWE-502
8.8
2023-08-30 CVE-2023-40596 Uncontrolled Search Path Element vulnerability in Splunk
In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition.
local
low complexity
splunk CWE-427
8.8
2023-08-30 CVE-2023-40597 Path Traversal vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.
local
low complexity
splunk CWE-22
8.8
2023-08-30 CVE-2023-40598 Missing Authentication for Critical Function vulnerability in Splunk
In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function.
network
low complexity
splunk CWE-306
8.8
2023-08-30 CVE-2023-4571 Improper Encoding or Escaping of Output vulnerability in Splunk IT Service Intelligence
In Splunk IT Service Intelligence (ITSI) versions below below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application.
local
low complexity
splunk CWE-116
8.6
2023-07-31 CVE-2023-3997 Improper Encoding or Escaping of Output vulnerability in Splunk Soar 6.0.1.123902
Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user’s terminal.
local
low complexity
splunk CWE-116
7.8
2023-06-01 CVE-2023-32707 Unspecified vulnerability in Splunk and Splunk Cloud Platform
In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.
network
low complexity
splunk
8.8
2023-06-01 CVE-2023-32708 Interpretation Conflict vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the ‘rest’ SPL command that lets them potentially access other REST endpoints in the system arbitrarily.
network
low complexity
splunk CWE-436
8.8
2023-06-01 CVE-2023-32714 Path Traversal vulnerability in Splunk and Splunk APP for Lookup File Editing
In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and write to restricted areas of the Splunk installation directory.
network
low complexity
splunk CWE-22
8.1