Splunk

Splunk

176 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2013-6773

  • EPSS 0.05%
  • Veröffentlicht 23.01.2020 15:15:12
  • Zuletzt bearbeitet 21.11.2024 01:59:41

Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges

5.4

CVE-2019-5727

  • EPSS 0.22%
  • Veröffentlicht 21.02.2019 01:29:00
  • Zuletzt bearbeitet 21.11.2024 04:45:24

Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827.

6.1

CVE-2018-7427

  • EPSS 0.21%
  • Veröffentlicht 23.10.2018 21:31:39
  • Zuletzt bearbeitet 21.11.2024 04:12:06

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote at...

7.5

CVE-2018-7429

  • EPSS 0.6%
  • Veröffentlicht 23.10.2018 21:31:39
  • Zuletzt bearbeitet 21.11.2024 04:12:06

Splunkd in Splunk Enterprise 6.2.x before 6.2.14 6.3.x before 6.3.11, and 6.4.x before 6.4.8; and Splunk Light before 6.5.0 allow remote attackers to cause a denial of service via a malformed HTTP request.

6.5

CVE-2018-7431

  • EPSS 0.4%
  • Veröffentlicht 23.10.2018 21:31:39
  • Zuletzt bearbeitet 21.11.2024 04:12:06

Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remot...

7.5

CVE-2018-7432

  • EPSS 0.58%
  • Veröffentlicht 23.10.2018 21:31:39
  • Zuletzt bearbeitet 21.11.2024 04:12:07

Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allow remote attackers to cause a denial of service via a crafted HTTP request.

7

CVE-2017-18348

Exploit
  • EPSS 0.04%
  • Veröffentlicht 19.10.2018 08:29:00
  • Zuletzt bearbeitet 21.11.2024 03:19:54

Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert T...

5.3

CVE-2018-11409

Exploit
  • EPSS 93.37%
  • Veröffentlicht 08.06.2018 12:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:18

Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.

10

CVE-2017-17067

  • EPSS 3.34%
  • Veröffentlicht 30.11.2017 02:29:04
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access r...

4.8

CVE-2017-12572

  • EPSS 0.26%
  • Veröffentlicht 05.08.2017 21:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrative access, aka SPL-134104.