Vulnerabilidades em Splunk
170 resultadosCVE-2025-20386HIGHIncorrect permission assignment on Splunk Enterprise for Windows during new installation or upgradeEPSS 0.5%CVE-2025-20387HIGHIncorrect permissions assignment on Splunk Universal Forwarder for Windows during new installation or upgradeEPSS 0.5%CVE-2023-46231HIGHSession Token Disclosure to Internal Log Files in Splunk Add-on BuilderEPSS 0.5%CVE-2023-46213MEDIUMCross-site Scripting (XSS) on “Show Syntax Highlighted” View in Search PageEPSS 0.5%CVE-2025-0367MEDIUMRegular Expression Denial of Service (ReDoS) in Splunk Supporting Add-on for Active Directory (SA-ldapsearch)EPSS 0.5%CVE-2026-20266CRITICALOS Command Injection in the btool Configuration Helper in Splunk AI ToolkitEPSS 0.5%CVE-2026-20163HIGHRemote Command Execution (RCE) through the '/splunkd/__upload/indexing/preview' REST endpoint in Splunk EnterpriseEPSS 0.5%CVE-2025-20231HIGHSensitive Information Disclosure in Splunk Secure Gateway AppEPSS 0.5%CVE-2024-22164MEDIUMDenial of Service of an Investigation in Splunk Enterprise Security through Investigation attachmentsEPSS 0.5%CVE-2024-53244MEDIUMRisky command safeguards bypass in “/en-US/app/search/report“ endpoint through “s“ parameterEPSS 0.5%CVE-2022-37438LOWInformation disclosure via the dashboard drilldown in Splunk EnterpriseEPSS 0.4%CVE-2023-32710MEDIUMInformation Disclosure via the ‘copyresults’ SPL CommandEPSS 0.4%CVE-2025-20371HIGHUnauthenticated Blind Server Side Request Forgery (SSRF) in Splunk EnterpriseEPSS 0.4%CVE-2025-20319MEDIUMRemote Command Execution through Scripted Input Files in Splunk EnterpriseEPSS 0.4%CVE-2023-22940MEDIUMSPL Command Safeguards Bypass via the ‘collect’ SPL Command Aliases in Splunk EnterpriseEPSS 0.4%CVE-2023-22937MEDIUMUnnecessary File Extensions Allowed by Lookup Table Uploads in Splunk EnterpriseEPSS 0.4%CVE-2022-43562LOWHost Header Injection in Splunk EnterpriseEPSS 0.4%CVE-2025-20232MEDIUMRisky Command Safeguards Bypass in “/app/search/search“ endpoint through “s“ parameter in Splunk EnterpriseEPSS 0.4%CVE-2025-20226MEDIUMRisky command safeguards bypass in “/services/streams/search“ endpoint through “q“ parameter in Splunk EnterpriseEPSS 0.4%CVE-2025-20366MEDIUMImproper Access Control in Background Job Submission in Splunk EnterpriseEPSS 0.4%