Vulnerabilities > Splunk > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-06-15 CVE-2022-32154 Command Injection vulnerability in Splunk
Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request.
network
high complexity
splunk CWE-77
4.0
2022-06-15 CVE-2022-32155 Incorrect Permission Assignment for Critical Resource vulnerability in Splunk
In universal forwarder versions before 9.0, management services are available remotely by default.
network
low complexity
splunk CWE-732
5.0
2022-06-15 CVE-2022-32157 Missing Authentication for Critical Function vulnerability in Splunk
Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles.
network
low complexity
splunk CWE-306
5.0
2022-06-02 CVE-2022-27774 Insufficiently Protected Credentials vulnerability in multiple products
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.
network
low complexity
haxx debian netapp brocade splunk CWE-522
5.7
2022-06-02 CVE-2022-27776 Insufficiently Protected Credentials vulnerability in multiple products
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
6.5
2022-06-02 CVE-2022-27779 libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies.
network
low complexity
haxx netapp splunk
5.3
2022-06-02 CVE-2022-30115 Cleartext Transmission of Sensitive Information vulnerability in multiple products
Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL.
network
low complexity
haxx netapp splunk CWE-319
4.3
2022-05-06 CVE-2021-26253 Unspecified vulnerability in Splunk
A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6.
network
splunk
6.8
2022-05-06 CVE-2021-33845 Information Exposure Through Discrepancy vulnerability in Splunk
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message.
network
low complexity
splunk CWE-203
5.0
2022-05-06 CVE-2021-42743 Uncontrolled Search Path Element vulnerability in Splunk
A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows.
local
low complexity
splunk CWE-427
4.6