GCVE - cpe:2.3:a:splunk:splunk:6.2.1:*:*:*:enterprise:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:splunk:splunk:6.2.1:*:*:*:enterprise:*:*:*

part: a version: 6.2.1 update: *

Vendor	Splunk (`0f7ef08f-e3f5-59a4-ba5f-26afb7835b46`)
Product	Splunk (`22a1d8ad-9b0f-51c8-ad24-657c0c14204c`)
Edition	*
Language	*
Software edition	enterprise
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-5880`	vulnerable	2026-06-03 14:37:26.563702	Details available Splunk Web in Splunk Enterprise versions 6.5.x before 6.5.2, 6.4.x before 6.4.5, 6.3.x before 6.3.9, 6.2.x before 6.2.13, 6.1.x before 6.1.12, 6.0.x before 6.0.13, 5.0.x before 5.0.17 and Splunk Light versions before 6.5.2 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted GET request, aka SPL-130279. Published: 2017-02-04T05:20:00.000Z Updated: 2024-08-05T15:11:48.737Z Open on db.gcve.eu Reference links http://www.splunk.com/view/SP-CAAAPW8	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4859`	vulnerable	2026-06-03 14:35:53.597711	Details available Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Published: 2017-05-12T18:00:00.000Z Updated: 2024-08-06T00:46:38.464Z Open on db.gcve.eu Reference links https://jvn.jp/en/jp/JVN64800312/index.html https://www.splunk.com/view/SP-CAAAPQ6 http://www.securityfocus.com/bid/92603	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4858`	vulnerable	2026-06-03 14:35:53.595498	Details available Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: 2017-05-12T18:00:00.000Z Updated: 2024-08-06T00:46:38.458Z Open on db.gcve.eu Reference links https://www.splunk.com/view/SP-CAAAPN9 https://jvn.jp/en/jp/JVN71462075/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4857`	vulnerable	2026-06-03 14:35:53.559543	Details available Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Published: 2017-05-12T18:00:00.000Z Updated: 2024-08-06T00:46:38.451Z Open on db.gcve.eu Reference links https://www.splunk.com/view/SP-CAAAPQM https://jvn.jp/en/jp/JVN39926655/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-10126`	vulnerable	2026-06-03 14:35:23.434026	Details available Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via unspecified vectors, aka SPL-128840. Published: 2017-01-10T11:00:00.000Z Updated: 2024-08-06T03:14:41.308Z Open on db.gcve.eu Reference links https://www.splunk.com/view/SP-CAAAPSR http://www.securityfocus.com/bid/95412	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-7604`	vulnerable	2026-06-03 14:35:09.516384	Details available Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.6 and Splunk Light 6.2.x before 6.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: 2015-09-29T19:00:00.000Z Updated: 2024-09-16T19:24:30.113Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id/1033655 http://www.splunk.com/view/SP-CAAAPAM	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-6515`	vulnerable	2026-06-03 14:35:02.380639	Details available Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.4, 6.1.x before 6.1.8, 6.0.x before 6.0.9, and 5.0.x before 5.0.13 and Splunk Light 6.2.x before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via a header. Published: 2015-08-18T15:00:00.000Z Updated: 2024-09-16T17:38:14.848Z Open on db.gcve.eu Reference links http://www.splunk.com/view/SP-CAAAN7C http://www.securitytracker.com/id/1032859	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-6514`	vulnerable	2026-06-03 14:35:02.361960	Details available Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Enterprise 6.2.x before 6.2.4 and Splunk Light 6.2.x before 6.2.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Published: 2015-08-18T15:00:00.000Z Updated: 2024-09-16T20:07:04.560Z Open on db.gcve.eu Reference links http://www.splunk.com/view/SP-CAAAN7C http://www.securitytracker.com/id/1032859	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.