Splunk CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2013-6771	1 Splunk	1 Splunk	2024-08-06	N/A
Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the file parameter. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7394 is for the issue in the "runshellscript echo.sh" script.
CVE-2013-6773	2 Microsoft, Splunk	2 Windows, Splunk	2024-08-06	7.8 High
Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges
CVE-2013-6772	1 Splunk	1 Splunk	2024-08-06	4.3 Medium
Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking

« first previous Page 14 of 14.