Splunk 9.4.0 Enterprise Edition
Approved changes feed: RSS · Atom
cpe:2.3:a:splunk:splunk:9.4.0:*:*:*:enterprise:*:*:*
part: a version: 9.4.0 update: *
| Vendor | Splunk (0f7ef08f-e3f5-59a4-ba5f-26afb7835b46) |
|---|---|
| Product | Splunk (22a1d8ad-9b0f-51c8-ad24-657c0c14204c) |
| Edition | * |
| Language | * |
| Software edition | enterprise |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-20231 |
vulnerable | 2026-06-03 14:59:13.818752 |
Sensitive Information Disclosure in Splunk Secure Gateway App
HIGH (7.1)
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a search using the permissions of a higher-privileged user that could lead to disclosure of sensitive information.<br><br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated low-privileged user should not be able to exploit the vulnerability at will.
Published: 2025-03-26T21:45:41.250Z
Updated: 2026-02-26T19:09:10.032Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-20229 |
vulnerable | 2026-06-03 14:59:13.815559 |
Remote Code Execution through file upload to “$SPLUNK_HOME/var/run/splunk/apptemp“ directory in Splunk Enterprise
HIGH (8)
In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the "$SPLUNK_HOME/var/run/splunk/apptemp" directory due to missing authorization checks.
Published: 2025-03-26T22:05:09.352Z
Updated: 2026-02-26T19:09:09.560Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-20227 |
vulnerable | 2026-06-03 14:59:13.814637 |
Information Disclosure through external content warning modal dialog box bypass in Splunk Enterprise Dashboard Studio
MEDIUM (4.3)
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could bypass the external content warning modal dialog box in Dashboard Studio dashboards which could lead to an information disclosure.
Published: 2025-03-26T22:03:50.424Z
Updated: 2025-03-27T13:50:15.585Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-20226 |
vulnerable | 2026-06-03 14:59:13.814090 |
Risky command safeguards bypass in “/services/streams/search“ endpoint through “q“ parameter in Splunk Enterprise
MEDIUM (5.7)
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.111, and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on the "/services/streams/search" endpoint through its "q" parameter. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.
Published: 2025-03-26T22:02:10.530Z
Updated: 2025-03-27T13:50:54.966Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.