CVE-2021-31559
- EPSS 0.2%
- Published 06.05.2022 17:15:08
- Last modified 21.11.2024 06:05:54
A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does...
CVE-2021-33845
- EPSS 0.29%
- Published 06.05.2022 17:15:08
- Last modified 21.11.2024 06:09:41
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors.
CVE-2021-42743
- EPSS 0.12%
- Published 06.05.2022 17:15:08
- Last modified 21.11.2024 06:28:05
A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows.
CVE-2022-26070
- EPSS 0.26%
- Published 06.05.2022 17:15:08
- Last modified 21.11.2024 06:53:22
When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0.
CVE-2022-26889
- EPSS 0.14%
- Published 06.05.2022 17:15:08
- Last modified 21.11.2024 06:54:44
In Splunk Enterprise versions before 8.1.2, the URI path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or byp...
CVE-2022-27183
- EPSS 0.58%
- Published 06.05.2022 17:15:08
- Last modified 21.11.2024 06:55:21
The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on Splun...
CVE-2021-3422
- EPSS 0.39%
- Published 25.03.2022 19:15:08
- Last modified 21.11.2024 06:21:28
The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. The vulnerability impacts Splunk Enterprise versions before 7....
CVE-2013-6772
- EPSS 0.21%
- Published 23.01.2020 15:15:12
- Last modified 21.11.2024 01:59:41
Splunk before 5.0.4 lacks X-Frame-Options, which can allow clickjacking.
CVE-2013-6773
- EPSS 0.05%
- Published 23.01.2020 15:15:12
- Last modified 21.11.2024 01:59:41
Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder, which can allow an attacker to escalate privileges.
CVE-2019-5727
- EPSS 0.22%
- Published 21.02.2019 01:29:00
- Last modified 21.11.2024 04:45:24
Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827.