GCVE - cpe:2.3:a:splunk:splunk:6.3.2:*:*:*:enterprise:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:splunk:splunk:6.3.2:*:*:*:enterprise:*:*:*

part: a version: 6.3.2 update: *

Vendor	Splunk (`0f7ef08f-e3f5-59a4-ba5f-26afb7835b46`)
Product	Splunk (`22a1d8ad-9b0f-51c8-ad24-657c0c14204c`)
Edition	*
Language	*
Software edition	enterprise
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-5880`	vulnerable	2026-06-03 14:37:26.570509	Details available Splunk Web in Splunk Enterprise versions 6.5.x before 6.5.2, 6.4.x before 6.4.5, 6.3.x before 6.3.9, 6.2.x before 6.2.13, 6.1.x before 6.1.12, 6.0.x before 6.0.13, 5.0.x before 5.0.17 and Splunk Light versions before 6.5.2 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted GET request, aka SPL-130279. Published: 2017-02-04T05:20:00.000Z Updated: 2024-08-05T15:11:48.737Z Open on db.gcve.eu Reference links http://www.splunk.com/view/SP-CAAAPW8	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-12572`	vulnerable	2026-06-03 14:36:36.160437	Details available Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrative access, aka SPL-134104. Published: 2017-08-05T21:00:00.000Z Updated: 2024-09-17T00:41:23.645Z Open on db.gcve.eu Reference links https://www.splunk.com/view/SP-CAAAPYC	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4859`	vulnerable	2026-06-03 14:35:53.597942	Details available Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Published: 2017-05-12T18:00:00.000Z Updated: 2024-08-06T00:46:38.464Z Open on db.gcve.eu Reference links https://jvn.jp/en/jp/JVN64800312/index.html https://www.splunk.com/view/SP-CAAAPQ6 http://www.securityfocus.com/bid/92603	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4858`	vulnerable	2026-06-03 14:35:53.595781	Details available Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: 2017-05-12T18:00:00.000Z Updated: 2024-08-06T00:46:38.458Z Open on db.gcve.eu Reference links https://www.splunk.com/view/SP-CAAAPN9 https://jvn.jp/en/jp/JVN71462075/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4857`	vulnerable	2026-06-03 14:35:53.565862	Details available Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Published: 2017-05-12T18:00:00.000Z Updated: 2024-08-06T00:46:38.451Z Open on db.gcve.eu Reference links https://www.splunk.com/view/SP-CAAAPQM https://jvn.jp/en/jp/JVN39926655/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4856`	vulnerable	2026-06-03 14:35:53.551668	Details available Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors. Published: 2017-05-12T18:00:00.000Z Updated: 2024-08-06T00:46:38.427Z Open on db.gcve.eu Reference links https://www.splunk.com/view/SP-CAAAPN9 https://jvn.jp/en/jp/JVN71462075/index.html http://www.securityfocus.com/bid/92990	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-10126`	vulnerable	2026-06-03 14:35:23.440393	Details available Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via unspecified vectors, aka SPL-128840. Published: 2017-01-10T11:00:00.000Z Updated: 2024-08-06T03:14:41.308Z Open on db.gcve.eu Reference links https://www.splunk.com/view/SP-CAAAPSR http://www.securityfocus.com/bid/95412	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.