cpe:2.3:a:splunk:splunk:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Splunk (0f7ef08f-e3f5-59a4-ba5f-26afb7835b46) |
|---|---|
| Product | Splunk (22a1d8ad-9b0f-51c8-ad24-657c0c14204c) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2023-22934 | vulnerable | 2026-06-03 14:49:20.587304 | SPL Command Safeguards Bypass via the ‘pivot’ SPL Command in Splunk Enterprise. HIGH (7.3). In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user to initiate a request within their browser. Published: 2023-02-14T17:22:35.427Z. Updated: 2025-02-28T11:03:58.707Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2018-11409 | vulnerable | 2026-06-03 14:38:01.445838 | Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key. Published: 2018-06-08T12:00:00.000Z. Updated: 2024-08-05T08:10:14.050Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2014-3147 | vulnerable | 2026-06-03 14:33:53.304887 | Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise before 6.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a CSV file. Published: 2014-10-10T01:00:00.000Z. Updated: 2024-08-06T10:35:56.563Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2014-2578 | vulnerable | 2026-06-03 14:33:51.338101 | Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: 2014-04-02T14:00:00.000Z. Updated: 2024-08-06T10:21:35.217Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2013-7394 | vulnerable | 2026-06-03 14:33:35.690098 | The "runshellscript echo.sh" script in Splunk before 5.0.5 allows remote authenticated users to execute arbitrary commands via a crafted string. NOTE: this issue was SPLIT from CVE-2013-6771 per ADT2 due to different vulnerability types. Published: 2014-08-07T10:00:00.000Z. Updated: 2024-08-06T18:09:16.444Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2013-6870 | vulnerable | 2026-06-03 14:33:32.789286 | Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: 2013-11-25T19:00:00.000Z. Updated: 2024-09-17T01:06:10.198Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2013-6773 | vulnerable | 2026-06-03 14:33:32.559939 | Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges. Published: 2020-01-23T14:37:36.000Z. Updated: 2024-08-06T17:46:23.393Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2013-6772 | vulnerable | 2026-06-03 14:33:32.559616 | Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking. Published: 2020-01-23T14:34:54.000Z. Updated: 2024-08-06T17:46:23.371Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2013-6771 | vulnerable | 2026-06-03 14:33:32.557088 | Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the file parameter. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7394 is for the issue in the "runshellscript echo.sh" script. Published: 2014-08-07T10:00:00.000Z. Updated: 2024-08-06T17:46:23.468Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2011-4644 | vulnerable | 2026-06-03 14:31:25.773953 | Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request. Published: 2012-01-03T11:00:00.000Z. Updated: 2024-08-07T00:09:19.537Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2010-3322 | vulnerable | 2026-06-03 14:30:30.871654 | The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack to unknown vectors. Published: 2010-09-14T16:39:00.000Z. Updated: 2024-09-16T16:44:07.698Z | Imported from gcve-enriched-dumps CVE data |