Vulnerabilities > Splunk > Splunk > 6.2.15
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-06 | CVE-2022-26070 | Information Exposure Through an Error Message vulnerability in Splunk When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. | 4.0 |
2022-03-25 | CVE-2021-3422 | Improper Input Validation vulnerability in Splunk The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. | 4.3 |
2018-06-08 | CVE-2018-11409 | Information Exposure vulnerability in Splunk Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key. | 5.0 |