Vulnerabilities > Splunk > Splunk > 4.0.2

DATE CVE VULNERABILITY TITLE RISK
2020-01-23 CVE-2013-6772 Improper Restriction of Rendered UI Layers or Frames vulnerability in Splunk
Splunk before 5.0.4 lacks the X-Frame-Options header, which can allow clickjacking.
network, splunk, CWE-1021
Risk: 4.3
2018-06-08 CVE-2018-11409 Information Exposure vulnerability in Splunk
Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.
network, low complexity, splunk, CWE-200
Risk: 5.0
2014-10-10 CVE-2014-3147 Cross-Site Scripting vulnerability in Splunk
Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise before 6.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a CSV file.
network, splunk, CWE-79
Risk: 3.5
2014-08-07 CVE-2013-7394 Code Injection vulnerability in Splunk
The "runshellscript echo.sh" script in Splunk before 5.0.5 allows remote authenticated users to execute arbitrary commands via a crafted string.
network, low complexity, splunk, CWE-94
Risk: critical, 9.0
2014-08-07 CVE-2013-6771 Path Traversal vulnerability in Splunk
Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a ..
network, splunk, CWE-22
Risk: critical, 9.3
2014-04-02 CVE-2014-2578 Cross-Site Scripting vulnerability in Splunk
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network, splunk, CWE-79
Risk: 4.3
2013-11-25 CVE-2013-6870 Cross-Site Scripting vulnerability in Splunk
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network, splunk, CWE-79
Risk: 4.3
2012-08-17 CVE-2012-1908 Cross-Site Scripting vulnerability in Splunk
Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
network, splunk, CWE-79
Risk: 4.3
2012-01-03 CVE-2011-4644 Improper Authentication vulnerability in Splunk
Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request.
network, splunk, CWE-287
Risk: critical, 9.3
2012-01-03 CVE-2011-4643 Path Traversal vulnerability in Splunk
Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files via a ..
network, low complexity, splunk, CWE-22
Risk: 4.0