GCVE - cpe:2.3:a:splunk:enterprise_security:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:splunk:enterprise_security:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Splunk (`0f7ef08f-e3f5-59a4-ba5f-26afb7835b46`)
Product	Enterprise Security (`c622cef1-5dbb-57fa-b739-c74f50c83229`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-36984`	vulnerable	2026-06-03 14:56:05.321925	Remote Code Execution through Serialized Session Payload in Splunk Enterprise on Windows HIGH (8.8) In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially crafted query that they could then use to serialize untrusted data. The attacker could use the query to execute arbitrary code. Published: 2024-07-01T16:30:44.270Z Updated: 2025-02-28T11:03:53.978Z Open on db.gcve.eu Reference links https://advisory.splunk.com/advisories/SVD-2024-0704 https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-22165`	vulnerable	2026-06-03 14:54:59.911454	Denial of Service in Splunk Enterprise Security of the Investigations manager through Investigation creation MEDIUM (6.5) In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.<br>The vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users. Published: 2024-01-09T17:01:04.884Z Updated: 2025-02-28T11:03:43.686Z Open on db.gcve.eu Reference links https://advisory.splunk.com/advisories/SVD-2024-0102 https://research.splunk.com/application/7f6a07bd-82ef-46b8-8eba-802278abd00e/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-22164`	vulnerable	2026-06-03 14:54:59.910948	Denial of Service of an Investigation in Splunk Enterprise Security through Investigation attachments MEDIUM (4.3) In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible. Published: 2024-01-09T17:01:07.832Z Updated: 2025-06-03T14:31:04.696Z Open on db.gcve.eu Reference links https://advisory.splunk.com/advisories/SVD-2024-0101 https://research.splunk.com/application/bb85b25e-2d6b-4e39-bd27-50db42edcb8f/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.