cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-0367,https://securityvulnerability.io/vulnerability/CVE-2025-0367,ReDoS Vulnerability in Splunk Supporting Add-on for Active Directory,"A vulnerability exists in the Splunk Supporting Add-on for Active Directory, where a flawed regular expression pattern can be exploited to launch a Regular Expression Denial of Service (ReDoS) attack. This can allow attackers to degrade the performance of services, making them unresponsive and potentially leading to service disruptions. Users should upgrade to a version above 3.1.0 to mitigate this risk.",Splunk,Splunk Supporting Add-on For Active Directory,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-30T17:04:49.734Z,0
CVE-2025-22621,https://securityvulnerability.io/vulnerability/CVE-2025-22621,Improper Access Control in Splunk App for SOAR by Splunk,"Versions of the Splunk App for SOAR up to and including 1.0.67 contain a vulnerability that stems from the Splunk documentation suggesting the addition of the 'admin_all_objects' capability to the 'splunk_app_soar' role. This misconfiguration could allow low-privileged users without the appropriate 'admin' roles to gain unauthorized access to critical application functions, potentially leading to unauthorized data exposure or manipulation. It is crucial for users to review their role assignments and ensure that access controls are appropriately set to mitigate this risk.",Splunk,Splunk App For Soar,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-07T17:15:00.000Z,0
CVE-2024-53243,https://securityvulnerability.io/vulnerability/CVE-2024-53243,Improper Access Control in Splunk Enterprise and Secure Gateway App,"In affected versions of Splunk Enterprise and the Splunk Secure Gateway app, a vulnerability exists that allows low-privileged users to access alert search query results through KVstore endpoints. This occurs due to insufficient access control mechanisms, posing a risk of unauthorized data exposure.",Splunk,"Splunk Enterprise,Splunk Secure Gateway",4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T18:15:00.000Z,0
CVE-2024-53247,https://securityvulnerability.io/vulnerability/CVE-2024-53247,Low-Privileged User RCE Vulnerability in Splunk Enterprise and Secure Gateway,"A vulnerability has been identified in Splunk Enterprise and the Splunk Secure Gateway app, allowing low-privileged users without administrative privileges to execute arbitrary code remotely. This issue affects specific versions of both Splunk Enterprise and the Secure Gateway app, potentially leading to unauthorized access and manipulation of system resources. Security measures should be prioritized to mitigate the risks associated with this vulnerability, particularly in environments where user permissions are not effectively managed.",Splunk,"Splunk Enterprise,Splunk Secure Gateway",8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T18:15:00.000Z,0
CVE-2024-53245,https://securityvulnerability.io/vulnerability/CVE-2024-53245,Insufficient Access Control in Splunk Enterprise and Splunk Cloud Platform,"In certain versions of Splunk Enterprise and Splunk Cloud Platform, a flaw exists that allows low-privileged users to clone dashboards they should not access due to insufficient access controls. This occurs when a user's name matches that of a role with read access to the dashboard. As a result, these users may inadvertently expose sensitive dashboard names and XML configurations, presenting a potential security risk.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",3.1,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T18:15:00.000Z,0
CVE-2024-53246,https://securityvulnerability.io/vulnerability/CVE-2024-53246,Sensitive Information Disclosure in Splunk Enterprise and Cloud Platform,"A vulnerability exists in Splunk Enterprise and Splunk Cloud Platform that allows the disclosure of sensitive information through the exploitation of specific SPL commands. This risk could arise when another vulnerability, such as a Risky Commands Bypass, is present, enabling potential attackers to access confidential data inadvertently exposed through the affected versions.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T18:15:00.000Z,0
CVE-2024-53244,https://securityvulnerability.io/vulnerability/CVE-2024-53244,Privilege Escalation in Splunk Enterprise and Cloud Platforms,"A vulnerability exists in Splunk Enterprise and Cloud Platforms that allows low-privileged users to execute saved searches with risky commands. This occurs through misuse of the permissions of higher-privileged users, specifically on the '/en-US/app/search/report' endpoint. Attackers can exploit this by tricking users into making requests via phishing methods, leading to a circumvention of standard SPL safeguards. Proper administrative controls and user education are essential to mitigate this risk.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",5.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T18:15:00.000Z,0
CVE-2024-45736,https://securityvulnerability.io/vulnerability/CVE-2024-45736,"Splunk Enterprise Versions below 9.3.1, 9.2.3, and 9.1.6 Have a Vulnerability in Field Transformation That Can Crash the Splunk Daemon","In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the ""admin"" or ""power"" Splunk roles could craft a search query with an improperly formatted ""INGEST_EVAL"" parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd).",Splunk,"Splunk Enterprise,Splunk Cloud Platform",6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-10-14T17:15:00.000Z,0
CVE-2024-45733,https://securityvulnerability.io/vulnerability/CVE-2024-45733,Remote Code Execution (RCE) due to insecure session storage configuration in Splunk Enterprise on Windows,"A security flaw present in Splunk Enterprise for Windows allows low-privileged users, lacking 'admin' or 'power' roles, to exploit an insecure session storage configuration. This vulnerability permits these users to execute arbitrary code remotely, raising significant security concerns for systems operating on affected versions. Organizations using Splunk Enterprise versions below 9.2.3 and 9.1.6 should prioritize applying necessary patches and access controls to mitigate this risk.",Splunk,Splunk Enterprise,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-10-14T17:15:00.000Z,0
CVE-2024-45739,https://securityvulnerability.io/vulnerability/CVE-2024-45739,Potential Exposure of Plaintext Passwords in Splunk Enterprise,"In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level.",Splunk,Splunk Enterprise,4.9,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-10-14T17:15:00.000Z,0
CVE-2024-45732,https://securityvulnerability.io/vulnerability/CVE-2024-45732,Low-Privileged User Vulnerability in Splunk Enterprise,"In specific versions of Splunk Enterprise and Splunk Cloud Platform, a vulnerability allows low-privileged users, lacking the 'admin' or 'power' roles, to execute searches as the 'nobody' user within the SplunkDeploymentServerConfig app. This could potentially expose sensitive or restricted data, raising significant security concerns for environments where data access needs strict control.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",7.1,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-10-14T17:15:00.000Z,0
CVE-2024-45731,https://securityvulnerability.io/vulnerability/CVE-2024-45731,Potential Remote Command Execution (RCE) through arbitrary file write to Windows system root directory when Splunk Enterprise for Windows is installed on a separate disk,"In Splunk Enterprise for Windows, when installed on a separate drive, a vulnerability exists that allows low-privileged users—without 'admin' or 'power' roles—to write files directly to the Windows system root directory. This results in potential unauthorized access to critical system files, posing serious security implications for affected installations, particularly versions prior to 9.3.1, 9.2.3, and 9.1.6. It is crucial for organizations using these versions to assess their configurations and apply remedial measures as detailed in the Splunk security advisory.",Splunk,Splunk Enterprise,8,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-10-14T17:15:00.000Z,0
CVE-2024-45740,https://securityvulnerability.io/vulnerability/CVE-2024-45740,Low-Privileged User Could Execute Unauthorized JavaScript Code Through Scheduled Views,"In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the ""admin"" or ""power"" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript code in the browser of a user.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-14T17:15:00.000Z,0
CVE-2024-45734,https://securityvulnerability.io/vulnerability/CVE-2024-45734,Low Privilege User can View Images on the Host Machine by using the PDF Export feature in Splunk Classic Dashboard,"In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the ""admin"" or ""power"" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboards. The images on the machine could be exposed by exporting the dashboard as a PDF, using the local image path in the img tag in the source extensible markup language (XML) code for the Splunk classic dashboard.",Splunk,Splunk Enterprise,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-14T17:15:00.000Z,0
CVE-2024-45735,https://securityvulnerability.io/vulnerability/CVE-2024-45735,Improper Access Control for low-privileged user in Splunk Secure Gateway App,"In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the ""admin"" or ""power"" Splunk roles can see App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway App.",Splunk,"Splunk Enterprise,Splunk Secure Gateway",4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-14T17:15:00.000Z,0
CVE-2024-45737,https://securityvulnerability.io/vulnerability/CVE-2024-45737,Low-Privileged User Vulnerability in Splunk Enterprise,"In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the ""admin"" or ""power"" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF).",Splunk,"Splunk Enterprise,Splunk Cloud Platform",4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-10-14T17:15:00.000Z,0
CVE-2024-45741,https://securityvulnerability.io/vulnerability/CVE-2024-45741,Splunk Enterprise Version Vulnerability Could Lead to Browser JavaScript Execution,"In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the ""admin"" or ""power"" Splunk roles could create a malicious payload through a custom configuration file that the ""api.uri"" parameter from the ""/manager/search/apps/local"" endpoint in Splunk Web calls. This could result in execution of unauthorized JavaScript code in the browser of a user.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-14T17:15:00.000Z,0
CVE-2024-45738,https://securityvulnerability.io/vulnerability/CVE-2024-45738,Splunk Enterprise Exposes Sensitive HTTP Parameters,"In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG logging level.",Splunk,Splunk Enterprise,4.9,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-10-14T17:03:38.142Z,0
CVE-2024-36997,https://securityvulnerability.io/vulnerability/CVE-2024-36997,Splunk Enterprise Vulnerability: Arbitrary JavaScript Code Execution in Browser Context,"In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",4.6,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-01T16:57:47.904Z,0
CVE-2024-36993,https://securityvulnerability.io/vulnerability/CVE-2024-36993,Low-Privileged User Could Execute Unauthorized JavaScript Code Through Splunk Web Bulletin Messages,"In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-01T16:54:35.379Z,0
CVE-2024-36995,https://securityvulnerability.io/vulnerability/CVE-2024-36995,"Low-Privileged Users Can Create Experimental Items in Splunk Enterprise Versions Below 9.2.2, 9.1.5, and 9.0.10","In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-01T16:52:57.700Z,0
CVE-2024-36982,https://securityvulnerability.io/vulnerability/CVE-2024-36982,Splunk Enterprise Crash Vulnerability,"In certain versions of Splunk Enterprise and Splunk Cloud Platform, a vulnerability exists that allows an attacker to invoke a null pointer reference on the cluster/config REST endpoint. This flaw may lead to a crash of the Splunk daemon, potentially impacting the availability and functionality of the affected services. Users of these versions should take caution and consider updating to secure versions to mitigate any associated risks.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-07-01T16:31:04.078Z,0
CVE-2024-36991,https://securityvulnerability.io/vulnerability/CVE-2024-36991,Splunk Enterprise Path Traversal Vulnerability on Windows,"A path traversal vulnerability exists in Splunk Enterprise running on Windows, affecting versions prior to 9.2.2, as well as versions 9.1.5 and 9.0.10. This issue allows an attacker to potentially access restricted directories and files on the server through the /modules/messaging/ endpoint. Ensuring that systems are upgraded to the latest versions is crucial to mitigate this risk. Organizations using affected versions should prioritize immediate updates and review their configurations to enhance overall security.",Splunk,Splunk Enterprise,7.5,HIGH,0.12011999636888504,false,,true,true,true,2024-07-09T09:30:19.000Z,true,true,true,2024-07-09T01:52:02.381Z,2024-07-01T16:31:03.563Z,18885
CVE-2024-36990,https://securityvulnerability.io/vulnerability/CVE-2024-36990,Low-Privileged User Could Cause Denial of Service in Splunk Enterprise,"In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST request to the datamodel/web REST endpoint in Splunk Enterprise, potentially causing a denial of service.",Splunk,"Splunk Enterprise,Splunk Cloud Platform",6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-01T16:30:57.995Z,0
CVE-2024-36985,https://securityvulnerability.io/vulnerability/CVE-2024-36985,Low-Privileged User Vulnerability in Splunk Enterprise Could Lead to Remote Code Execution,"A vulnerability exists in Splunk Enterprise that allows low-privileged users, who do not have the admin or power roles, to perform unauthorized actions leading to remote code execution. This issue stems from an external lookup mechanism that references the 'splunk_archiver' application. Affected users can exploit this vulnerability on versions before 9.2.2, 9.1.5, and 9.0.10, potentially compromising the security of the application and its underlying data.",Splunk,Splunk Enterprise,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-01T16:30:57.461Z,0