GCVE - cpe:2.3:a:splunk:splunk:4.0.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:splunk:splunk:4.0.1:*:*:*:*:*:*:*

part: a version: 4.0.1 update: *

Vendor	Splunk (`0f7ef08f-e3f5-59a4-ba5f-26afb7835b46`)
Product	Splunk (`22a1d8ad-9b0f-51c8-ad24-657c0c14204c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2013-6870`	vulnerable	2026-06-03 14:33:32.813207	Details available Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: 2013-11-25T19:00:00.000Z Updated: 2024-09-17T01:06:10.198Z Open on db.gcve.eu Reference links http://secunia.com/advisories/55774 http://www.splunk.com/view/SP-CAAAJCD http://www.securitytracker.com/id/1029385	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-1908`	vulnerable	2026-06-03 14:31:45.016531	Details available Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Published: 2012-08-17T00:00:00.000Z Updated: 2024-09-16T19:51:31.542Z Open on db.gcve.eu Reference links http://www.splunk.com/view/SP-CAAAGTK#38585	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-4644`	vulnerable	2026-06-03 14:31:25.792545	Details available Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request. Published: 2012-01-03T11:00:00.000Z Updated: 2024-08-07T00:09:19.537Z Open on db.gcve.eu Reference links http://www.sec-1.com/blog/?p=233 http://www.sec-1.com/blog/wp-content/uploads/2011/12/Attacking_Splunk_Release.pdf http://www.exploit-db.com/exploits/18245/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-4643`	vulnerable	2026-06-03 14:31:25.762247	Details available Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files via a .. (dot dot) in a URI to (1) Splunk Web or (2) the Splunkd HTTP Server, aka SPL-45243. Published: 2012-01-03T11:00:00.000Z Updated: 2024-08-07T00:09:19.409Z Open on db.gcve.eu Reference links http://www.splunk.com/view/SP-CAAAGMM http://www.securitytracker.com/id?1026451 https://exchange.xforce.ibmcloud.com/vulnerabilities/72244 http://www.sec-1.com/blog/?p=233 http://secunia.com/advisories/47232	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-3323`	vulnerable	2026-06-03 14:30:30.872093	Details available Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKD_SESSION_KEY parameter. Published: 2010-09-14T16:39:00.000Z Updated: 2024-09-16T18:33:48.501Z Open on db.gcve.eu Reference links http://www.splunk.com/view/SP-CAAAFQ6	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-2504`	vulnerable	2026-06-03 14:30:25.793343	Details available Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066. Published: 2010-06-28T18:06:00.000Z Updated: 2024-09-16T19:25:20.158Z Open on db.gcve.eu Reference links http://www.splunk.com/view/SP-CAAAFGD	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-2503`	vulnerable	2026-06-03 14:30:25.792825	Details available Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) redirects, aka SPL-31067; (2) unspecified "user->user or user->admin" vectors, aka SPL-31084; or (3) unspecified "user input," aka SPL-31085. Published: 2010-06-28T18:06:00.000Z Updated: 2024-09-16T17:48:52.773Z Open on db.gcve.eu Reference links http://www.splunk.com/view/SP-CAAAFGD	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-2502`	vulnerable	2026-06-03 14:30:25.792291	Details available Multiple directory traversal vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow (1) remote attackers to read arbitrary files, aka SPL-31194; (2) remote authenticated users to modify arbitrary files, aka SPL-31063; or (3) have an unknown impact via redirects, aka SPL-31067. Published: 2010-06-28T18:06:00.000Z Updated: 2024-09-17T03:58:51.538Z Open on db.gcve.eu Reference links http://www.splunk.com/view/SP-CAAAFGD	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-2429`	vulnerable	2026-06-03 14:30:25.252763	Details available Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a "404 Not Found" response. Published: 2010-06-23T17:13:00.000Z Updated: 2024-08-07T02:32:16.593Z Open on db.gcve.eu Reference links http://www.splunk.com/view/SP-CAAAFHY http://secunia.com/advisories/40187 http://www.osvdb.org/65623 https://exchange.xforce.ibmcloud.com/vulnerabilities/59517	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.