CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-42743 – Local privilege escalation via a default path in Splunk Enterprise Windows
https://notcve.org/view.php?id=CVE-2021-42743
06 May 2022 — A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows. Una configuración errónea en la ruta por defecto del nodo permite una escalada de privilegios local de un usuario menos privilegiado al usuario de Splunk en Splunk Enterprise versiones anteriores a 8.1.1 en Windows • https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-3422 – Indexer denial-of-service via malformed S2S request
https://notcve.org/view.php?id=CVE-2021-3422
25 Mar 2022 — The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. The vulnerability impacts Splunk Enterprise versions before 7.3.9, 8.0 versions before 8.0.9, and 8.1 versions before 8.1.3. It does not impact Universal Forwarders. When Splunk forwarding is secured using TLS or a Token, the attack requires compromising the certificate or token, or both. Implementation of either or both r... • https://claroty.com/2022/03/24/blog-research-locking-down-splunk-enterprise-indexers-and-forwarders • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2019-5727
https://notcve.org/view.php?id=CVE-2019-5727
21 Feb 2019 — Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827. Splunk Web en Splunk Enterprise, en versiones 6.5.x anteriores a la 6.5.5, versiones 6.4.x anteriores a la 6.4.9, versiones 6.3.x anteriores a la 6.3.12, versiones 6.2.x anteriores a la 6.2.14, versiones 6.1.x anteriores a la 6.1.14 y versiones 6.0.x anteriores a la 6.0.15; y Splunk Lig... • http://www.securityfocus.com/bid/107113 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2018-7427
https://notcve.org/view.php?id=CVE-2018-7427
23 Oct 2018 — Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en Splunk Web en Splunk Enterprise en versiones 6.0.x anteriores a la 6.0.14, versiones 6.1.x anteriores a la 6.1.13, versiones 6.2.x anteriores a l... • https://www.splunk.com/view/SP-CAAAP5T • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-7429
https://notcve.org/view.php?id=CVE-2018-7429
23 Oct 2018 — Splunkd in Splunk Enterprise 6.2.x before 6.2.14 6.3.x before 6.3.11, and 6.4.x before 6.4.8; and Splunk Light before 6.5.0 allow remote attackers to cause a denial of service via a malformed HTTP request. Splunkd en Splunk Enterprise en versiones 6.2.x anteriores a la 6.2.14, versiones 6.3.x anteriores a la 6.3.11 y versiones 6.4.x anteriores a la 6.4.8; y en Splunk Light en versiones anteriores a la 6.5.0 permite que atacantes remotos provoquen una denegación de servicio (DoS) mediante una petición HTTP m... • https://www.splunk.com/view/SP-CAAAP5T • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-7431
https://notcve.org/view.php?id=CVE-2018-7431
23 Oct 2018 — Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote authenticated users to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en Splunk Django App en versiones 6.0.x anteriores a la 6.0.14, versiones 6.1.x anteriores a la 6.1.13, versiones 6.2.x anteriores a la 6.2.14, versiones... • https://www.splunk.com/view/SP-CAAAP5T • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-7432
https://notcve.org/view.php?id=CVE-2018-7432
23 Oct 2018 — Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allow remote attackers to cause a denial of service via a crafted HTTP request. Splunk Enterprise en versiones 6.2.x anteriores a la 6.2.14, versiones 6.3.x anteriores a la 6.3.10, versiones 6.4.x anteriores a la 6.3.11 y versiones 6.5.x anteriores a la 6.5.3; y en Splunk Light en versiones anteriores a la 6.6.0 permite que atacantes remotos provoquen una denegación de servic... • https://www.splunk.com/view/SP-CAAAP5T • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 90%CPEs: 1EXPL: 4CVE-2018-11409 – Splunk < 7.0.1 - Information Disclosure
https://notcve.org/view.php?id=CVE-2018-11409
08 Jun 2018 — Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key. Splunk hasta la versión 7.0.1 permite la divulgación de información anexando __raw/services/server/info/server-info?output_mode=json en una consulta, tal y como queda demostrado con el descubrimiento de una clave de licencia. Splunk 6.2.3 through 7.0.1 allows information disclosure by appending /__raw/services/server/info/server-inf... • https://packetstorm.news/files/id/180639 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 3%CPEs: 5EXPL: 0CVE-2017-17067
https://notcve.org/view.php?id=CVE-2017-17067
30 Nov 2017 — Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks. Splunk Web en Splunk Enterprise en versiones 7.0.x anteriores a la 7.0.0.1; versiones 6.6.x anteriores a la 6.6.3.2; versiones 6.5.x anteriores a la 6.5.6; versiones 6.4.x anteriores a la 6.4.9 y versiones 6.3.x ante... • http://www.securityfocus.com/bid/102005 • CWE-863: Incorrect Authorization •
CVSS: 4.8EPSS: 0%CPEs: 19EXPL: 0CVE-2017-12572
https://notcve.org/view.php?id=CVE-2017-12572
05 Aug 2017 — Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrative access, aka SPL-134104. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) persistente en Splunk Enterprise 6.5.x anterior a 6.5.2; 6.4.x anterior a 6.4.6; y 6.3.x anterior a 6.3.9 y Splunk Light anterior a 6.5.2, cuya explotación requiere acceso de administrador, también conocido como SPL-134104. • https://www.splunk.com/view/SP-CAAAPYC • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •