Vulnerabilities > Splunk > Splunk > 5.0

DATE CVE VULNERABILITY TITLE RISK
2020-01-23 CVE-2013-6773 Improper Privilege Management vulnerability in Splunk
Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges
local
low complexity
splunk microsoft CWE-269
4.6
4.6
2020-01-23 CVE-2013-6772 Improper Restriction of Rendered UI Layers or Frames vulnerability in Splunk
Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking
network
splunk CWE-1021
4.3
4.3
2018-06-08 CVE-2018-11409 Information Exposure vulnerability in Splunk
Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.
network
low complexity
splunk CWE-200
5.0
5.0
2014-12-16 CVE-2014-5466 Cross-Site Scripting vulnerability in Splunk
Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.7, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
splunk CWE-79
4.3
4.3
2014-10-16 CVE-2014-8302 Cross-Site Scripting vulnerability in Splunk
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.6, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via vectors related to dashboard.
network
splunk CWE-79
3.5
3.5
2014-10-16 CVE-2014-8301 Cross-Site Scripting vulnerability in Splunk
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header.
network
splunk CWE-79
4.3
4.3
2014-10-10 CVE-2014-3147 Cross-Site Scripting vulnerability in Splunk
Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise before 6.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a CSV file.
network
splunk CWE-79
3.5
3.5
2014-08-07 CVE-2013-7394 Code Injection vulnerability in Splunk
The "runshellscript echo.sh" script in Splunk before 5.0.5 allows remote authenticated users to execute arbitrary commands via a crafted string.
network
low complexity
splunk CWE-94
critical
 9.0
9.0
2014-08-07 CVE-2013-6771 Path Traversal vulnerability in Splunk
Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a ..
network
splunk CWE-22
critical
 9.3
9.3
2014-04-02 CVE-2014-2578 Cross-Site Scripting vulnerability in Splunk
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
splunk CWE-79
4.3
4.3