Vulnerabilities > Splunk > Splunk > 4.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-06 | CVE-2022-26070 | Information Exposure Through an Error Message vulnerability in Splunk When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. | 4.0 |
| 2022-03-25 | CVE-2021-3422 | Improper Input Validation vulnerability in Splunk The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. | 4.3 |
| 2020-01-23 | CVE-2013-6772 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Splunk Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking | 4.3 |
| 2018-06-08 | CVE-2018-11409 | Information Exposure vulnerability in Splunk Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key. | 5.0 |
| 2014-10-10 | CVE-2014-3147 | Cross-Site Scripting vulnerability in Splunk Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise before 6.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a CSV file. | 3.5 |
| 2014-08-07 | CVE-2013-7394 | Code Injection vulnerability in Splunk The "runshellscript echo.sh" script in Splunk before 5.0.5 allows remote authenticated users to execute arbitrary commands via a crafted string. | 9.0 |
| 2014-08-07 | CVE-2013-6771 | Path Traversal vulnerability in Splunk Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a .. | 9.3 |
| 2014-04-02 | CVE-2014-2578 | Cross-Site Scripting vulnerability in Splunk Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2013-11-25 | CVE-2013-6870 | Cross-Site Scripting vulnerability in Splunk Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2013-04-10 | CVE-2013-2766 | Cross-Site Scripting vulnerability in Splunk Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.3.0 through 4.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |