Splunk 9.1.0 Enterprise Edition
Approved changes feed: RSS · Atom
cpe:2.3:a:splunk:splunk:9.1.0:*:*:*:enterprise:*:*:*
part: a version: 9.1.0 update: *
| Vendor | Splunk (0f7ef08f-e3f5-59a4-ba5f-26afb7835b46) |
|---|---|
| Product | Splunk (22a1d8ad-9b0f-51c8-ad24-657c0c14204c) |
| Edition | * |
| Language | * |
| Software edition | enterprise |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-36991 |
vulnerable | 2026-06-03 14:56:05.328188 |
Path Traversal on the “/modules/messaging/“ endpoint in Splunk Enterprise on Windows
HIGH (7.5)
In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
Published: 2024-07-01T16:31:03.563Z
Updated: 2025-02-28T11:03:48.685Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-40597 |
vulnerable | 2026-06-03 14:52:50.161303 |
Absolute Path Traversal in Splunk Enterprise Using runshellscript.py
HIGH (7.8)
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.
Published: 2023-08-30T16:19:44.220Z
Updated: 2025-07-01T13:45:24.210Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-40596 |
vulnerable | 2026-06-03 14:52:50.160868 |
Splunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definition Reference in DLL
HIGH (7)
In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine.
Published: 2023-08-30T16:19:43.630Z
Updated: 2025-02-28T11:03:54.197Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-40595 |
vulnerable | 2026-06-03 14:52:50.160446 |
Remote Code Execution via Serialized Session Payload
HIGH (8.8)
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code.
Published: 2023-08-30T16:19:29.761Z
Updated: 2025-02-28T11:03:49.175Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-40594 |
vulnerable | 2026-06-03 14:52:50.160073 |
Denial of Service (DoS) via the ‘printf’ Search Function
MEDIUM (6.5)
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance.
Published: 2023-08-30T16:19:40.677Z
Updated: 2025-02-28T11:03:47.517Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-40592 |
vulnerable | 2026-06-03 14:52:50.158361 |
Reflected Cross-site Scripting (XSS) on "/app/search/table" web endpoint
HIGH (8.4)
In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance.
Published: 2023-08-30T16:19:38.525Z
Updated: 2025-02-28T11:03:48.911Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.