Skip to content
Threat Feed

CPE

Cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*

6 briefs RSS
high advisory

Splunk Code Injection via Custom Dashboard Leading to RCE (CVE-2022-43571)

An authenticated user can exploit CVE-2022-43571, a code injection vulnerability within Splunk Enterprise or Splunk Cloud's dashboard PDF generation component, leading to remote code execution (RCE) and potential compromise of the Splunk environment.

Splunk Enterprise +3 splunk vulnerability rce code-injection application-vulnerability
1t 1c
high advisory

Splunk XSS Privilege Escalation via Custom URLs in Dashboard (CVE-2024-36992)

A critical cross-site scripting (XSS) vulnerability, identified as CVE-2024-36992, affects Splunk Enterprise and Splunk Cloud Platform, allowing attackers to achieve privilege escalation by exploiting custom URLs within Splunk dashboards via malicious POST requests to the `splunk_internal_metrics/data/ui/views` endpoint, leading to the creation of new user accounts with elevated access permissions on the Splunk server.

Splunk Enterprise +2 xss privilege-escalation splunk cve vulnerability
2r 1t 1c
medium advisory

Splunk User Enumeration Attempt Detection

An attacker is attempting to enumerate valid Splunk usernames by repeatedly submitting failed authentication attempts from a single source, as detected by monitoring the `_audit` index for multiple login failures, which is a precursor to credential-based attacks like password spraying or brute force, potentially leading to unauthorized access and sensitive data exposure.

Splunk Enterprise +2 user-enumeration splunk authentication application
1t 1c
critical advisory

Splunk RCE via User XSLT Exploitation (CVE-2023-46214)

This brief identifies potential remote code execution (RCE) attempts targeting Splunk servers by exploiting CVE-2023-46214, a vulnerability related to user-supplied Extensible Stylesheet Language Transformations (XSLT) that allows attackers to execute arbitrary code leading to full system compromise.

Splunk Enterprise < 9.0.7 +3 application rce splunk vulnerability
1r 1t 1c
high advisory

Splunk RCE Through Arbitrary File Write to Windows System Root

A critical vulnerability (CVE-2024-45731, CVE-2024-45733) in Splunk Enterprise for Windows versions below 9.3.0, 9.2.3, and 9.1.6 allows low-privileged users to perform arbitrary file writes to the Windows system root directory (C:\Windows\System32) when Splunk is installed on a separate drive, enabling remote code execution through insecure session storage configuration.

Splunk Enterprise for Windows +2 application-vulnerability rce file-write privilege-escalation splunk windows
2r 3t 2c
high advisory

Splunk Authentication Token Exposure in Debug Logs (CVE-2024-29945)

A critical vulnerability, CVE-2024-29945, allows for the exposure of authentication tokens in debug logs within Splunk Enterprise and Splunk Cloud, enabling an attacker with access to internal log files to gain unauthorized access, exfiltrate data, and potentially achieve full compromise of the Splunk infrastructure if unpatched versions (prior to 9.2.1, 9.1.4, and 9.0.9 for Enterprise) are in use.

Splunk Enterprise +3 splunk vulnerability token-exposure log-analysis application
1r 1t 1c