Vulnerabilities > Splunk > Splunk > 6.6.1

DATE CVE VULNERABILITY TITLE RISK
2023-08-30 CVE-2023-40598 Missing Authentication for Critical Function vulnerability in Splunk
In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function.
network
low complexity
splunk CWE-306
8.8
2022-06-15 CVE-2022-32151 Improper Certificate Validation vulnerability in Splunk
The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203.
network
low complexity
splunk CWE-295
6.4
2022-06-15 CVE-2022-32152 Improper Certificate Validation vulnerability in Splunk
Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default.
network
low complexity
splunk CWE-295
6.5
2022-06-15 CVE-2022-32153 Improper Certificate Validation vulnerability in Splunk
Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default.
network
splunk CWE-295
6.8
2022-06-15 CVE-2022-32154 Command Injection vulnerability in Splunk
Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request.
network
high complexity
splunk CWE-77
4.0
2022-06-15 CVE-2022-32155 Incorrect Permission Assignment for Critical Resource vulnerability in Splunk
In universal forwarder versions before 9.0, management services are available remotely by default.
network
low complexity
splunk CWE-732
5.0
2022-06-15 CVE-2022-32156 Improper Certificate Validation vulnerability in Splunk
In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default.
network
high complexity
splunk CWE-295
8.1
2022-06-15 CVE-2022-32157 Missing Authentication for Critical Function vulnerability in Splunk
Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles.
network
low complexity
splunk CWE-306
5.0
2022-06-15 CVE-2022-32158 Unspecified vulnerability in Splunk
Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server.
network
low complexity
splunk
7.5
2022-05-06 CVE-2021-42743 Uncontrolled Search Path Element vulnerability in Splunk
A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows.
local
low complexity
splunk CWE-427
4.6