GCVE - cpe:2.3:a:splunk:splunk:9.0.0:*:*:*:enterprise:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:splunk:splunk:9.0.0:*:*:*:enterprise:*:*:*

part: a version: 9.0.0 update: *

Vendor	Splunk (`0f7ef08f-e3f5-59a4-ba5f-26afb7835b46`)
Product	Splunk (`22a1d8ad-9b0f-51c8-ad24-657c0c14204c`)
Edition	*
Language	*
Software edition	enterprise
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-36991`	vulnerable	2026-06-03 14:56:05.327199	Path Traversal on the “/modules/messaging/“ endpoint in Splunk Enterprise on Windows HIGH (7.5) In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows. Published: 2024-07-01T16:31:03.563Z Updated: 2025-02-28T11:03:48.685Z Open on db.gcve.eu Reference links https://advisory.splunk.com/advisories/SVD-2024-0711 https://research.splunk.com/application/e7c2b064-524e-4d65-8002-efce808567aa	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-37438`	vulnerable	2026-06-03 14:47:47.394549	Information disclosure via the dashboard drilldown in Splunk Enterprise LOW (2.6) In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web. Published: 2022-08-16T19:49:23.763Z Updated: 2024-09-17T01:46:12.412Z Open on db.gcve.eu Reference links https://www.splunk.com/en_us/product-security/announcements/svd-2022-0802.html https://research.splunk.com/application/f844c3f6-fd99-43a2-ba24-93e35fe84be6	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-37437`	vulnerable	2026-06-03 14:47:47.392592	Ingest Actions UI in Splunk Enterprise 9.0.0 disabled TLS certificate validation HIGH (7.4) When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions Destination through Splunk Web and only applies to environments that have configured TLS certificate validation. It does not apply to Destinations configured directly in the outputs.conf configuration file. The vulnerability affects Splunk Enterprise version 9.0.0 and does not affect versions below 9.0.0, including the 8.1.x and 8.2.x versions. Published: 2022-08-16T19:50:29.832Z Updated: 2024-09-16T20:03:48.193Z Open on db.gcve.eu Reference links https://www.splunk.com/en_us/product-security/announcements/svd-2022-0801.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.