GCVE - cpe:2.3:a:splunk:splunk:4.1.2:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:splunk:splunk:4.1.2:*:*:*:*:*:*:*

part: a version: 4.1.2 update: *

Vendor	Splunk (`0f7ef08f-e3f5-59a4-ba5f-26afb7835b46`)
Product	Splunk (`22a1d8ad-9b0f-51c8-ad24-657c0c14204c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2013-6870`	vulnerable	2026-06-03 14:33:32.819724	Details available Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: 2013-11-25T19:00:00.000Z Updated: 2024-09-17T01:06:10.198Z Open on db.gcve.eu Reference links http://secunia.com/advisories/55774 http://www.splunk.com/view/SP-CAAAJCD http://www.securitytracker.com/id/1029385	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-1908`	vulnerable	2026-06-03 14:31:45.022809	Details available Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Published: 2012-08-17T00:00:00.000Z Updated: 2024-09-16T19:51:31.542Z Open on db.gcve.eu Reference links http://www.splunk.com/view/SP-CAAAGTK#38585	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-4644`	vulnerable	2026-06-03 14:31:25.792768	Details available Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request. Published: 2012-01-03T11:00:00.000Z Updated: 2024-08-07T00:09:19.537Z Open on db.gcve.eu Reference links http://www.sec-1.com/blog/?p=233 http://www.sec-1.com/blog/wp-content/uploads/2011/12/Attacking_Splunk_Release.pdf http://www.exploit-db.com/exploits/18245/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-4643`	vulnerable	2026-06-03 14:31:25.768753	Details available Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files via a .. (dot dot) in a URI to (1) Splunk Web or (2) the Splunkd HTTP Server, aka SPL-45243. Published: 2012-01-03T11:00:00.000Z Updated: 2024-08-07T00:09:19.409Z Open on db.gcve.eu Reference links http://www.splunk.com/view/SP-CAAAGMM http://www.securitytracker.com/id?1026451 https://exchange.xforce.ibmcloud.com/vulnerabilities/72244 http://www.sec-1.com/blog/?p=233 http://secunia.com/advisories/47232	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-3323`	vulnerable	2026-06-03 14:30:30.872327	Details available Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKD_SESSION_KEY parameter. Published: 2010-09-14T16:39:00.000Z Updated: 2024-09-16T18:33:48.501Z Open on db.gcve.eu Reference links http://www.splunk.com/view/SP-CAAAFQ6	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-2429`	vulnerable	2026-06-03 14:30:25.259038	Details available Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a "404 Not Found" response. Published: 2010-06-23T17:13:00.000Z Updated: 2024-08-07T02:32:16.593Z Open on db.gcve.eu Reference links http://www.splunk.com/view/SP-CAAAFHY http://secunia.com/advisories/40187 http://www.osvdb.org/65623 https://exchange.xforce.ibmcloud.com/vulnerabilities/59517	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.