Vulnerabilities > Splunk > Splunk > 4.0.7

DATE CVE VULNERABILITY TITLE RISK
2020-01-23 CVE-2013-6772 Improper Restriction of Rendered UI Layers or Frames vulnerability in Splunk
Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking
network
low complexity
splunk CWE-1021
4.3
4.3
2018-06-08 CVE-2018-11409 Information Exposure vulnerability in Splunk
Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.
network
low complexity
splunk CWE-200
5.3
5.3
2010-09-14 CVE-2010-3322 XXE vulnerability in Splunk
The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack to unknown vectors.
network
low complexity
splunk CWE-611
8.8
8.8