Splunk

Splunk

160 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2022-32157

  • EPSS 0.5%
  • Veröffentlicht 15.06.2022 17:15:09
  • Zuletzt bearbeitet 21.11.2024 07:05:51

Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and client...

10

CVE-2022-32158

  • EPSS 0.8%
  • Veröffentlicht 15.06.2022 17:15:09
  • Zuletzt bearbeitet 21.11.2024 07:05:51

Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a Universal Forwarder endpoint could use t...

9.1

CVE-2022-32151

  • EPSS 0.2%
  • Veröffentlicht 15.06.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 07:05:50

The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform ver...

7.2

CVE-2022-32152

  • EPSS 0.47%
  • Veröffentlicht 15.06.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 07:05:50

Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properl...

8.1

CVE-2022-32153

  • EPSS 0.3%
  • Veröffentlicht 15.06.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 07:05:50

Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properl...

8.1

CVE-2021-26253

  • EPSS 0.2%
  • Veröffentlicht 06.05.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 05:55:59

A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA...

7.5

CVE-2021-31559

  • EPSS 0.15%
  • Veröffentlicht 06.05.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:05:54

A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does...

5.3

CVE-2021-33845

  • EPSS 0.29%
  • Veröffentlicht 06.05.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:09:41

The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors.

7.8

CVE-2021-42743

  • EPSS 0.12%
  • Veröffentlicht 06.05.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:28:05

A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows.

4.3

CVE-2022-26070

  • EPSS 0.26%
  • Veröffentlicht 06.05.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:53:22

When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0.