Vulnerabilities > Splunk > Splunk > 4.0.11
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-09-14 | CVE-2010-3323 | Unspecified vulnerability in Splunk Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKD_SESSION_KEY parameter. | 4.6 |
2010-09-14 | CVE-2010-3322 | XXE vulnerability in Splunk The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack to unknown vectors. | 8.8 |
2010-06-24 | CVE-2010-2429 | Cross-Site Scripting vulnerability in Splunk Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a "404 Not Found" response. | 4.3 |