Vulnerabilities > Splunk > Splunk > 4.0.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-23 | CVE-2013-6772 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Splunk Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking | 4.3 |
2018-06-08 | CVE-2018-11409 | Information Exposure vulnerability in Splunk Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key. | 5.0 |
2014-10-10 | CVE-2014-3147 | Cross-Site Scripting vulnerability in Splunk Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise before 6.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a CSV file. | 3.5 |
2014-08-07 | CVE-2013-7394 | Code Injection vulnerability in Splunk The "runshellscript echo.sh" script in Splunk before 5.0.5 allows remote authenticated users to execute arbitrary commands via a crafted string. | 9.0 |
2014-08-07 | CVE-2013-6771 | Path Traversal vulnerability in Splunk Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a .. | 9.3 |
2014-04-02 | CVE-2014-2578 | Cross-Site Scripting vulnerability in Splunk Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-11-25 | CVE-2013-6870 | Cross-Site Scripting vulnerability in Splunk Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-08-17 | CVE-2012-1908 | Cross-Site Scripting vulnerability in Splunk Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2012-01-03 | CVE-2011-4644 | Improper Authentication vulnerability in Splunk Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request. | 9.3 |
2012-01-03 | CVE-2011-4643 | Path Traversal vulnerability in Splunk Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files via a .. | 4.0 |