Vulnerabilities > Splunk > Splunk > 6.3.14

DATE CVE VULNERABILITY TITLE RISK
2022-05-06 CVE-2022-26070 Information Exposure Through an Error Message vulnerability in Splunk
When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path.
network
low complexity
splunk CWE-209
4.0
4.0
2022-03-25 CVE-2021-3422 Improper Input Validation vulnerability in Splunk
The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic.
network
splunk CWE-20
4.3
4.3
2018-06-08 CVE-2018-11409 Information Exposure vulnerability in Splunk
Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.
network
low complexity
splunk CWE-200
5.0
5.0