Refine your search
87 vulnerabilities found for Splunk Cloud Platform by Splunk
CVE-2026-20203 (GCVE-0-2026-20203)
Vulnerability from cvelistv5
Published
2026-04-15 15:17
Modified
2026-04-15 17:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Summary
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles, has write permission on the app, and does not hold the high-privilege capability `accelerate_datamodel`, could turn on or off Data Model Acceleration due to improper access control.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 10.2 < 10.2.2 Version: 10.0 < 10.0.5 Version: 9.4 < 9.4.10 Version: 9.3 < 9.3.11 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20203",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T17:40:22.461732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T17:40:36.484Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.2.2",
"status": "affected",
"version": "10.2",
"versionType": "custom"
},
{
"lessThan": "10.0.5",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.10",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.11",
"status": "affected",
"version": "9.3",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "Not Affected",
"status": "affected",
"version": "10.4.2603",
"versionType": "custom"
},
{
"lessThan": "10.3.2512.6",
"status": "affected",
"version": "10.3.2512",
"versionType": "custom"
},
{
"lessThan": "10.2.2510.10",
"status": "affected",
"version": "10.2.2510",
"versionType": "custom"
},
{
"lessThan": "10.1.2507.19",
"status": "affected",
"version": "10.1.2507",
"versionType": "custom"
},
{
"lessThan": "10.0.2503.13",
"status": "affected",
"version": "10.0.2503",
"versionType": "custom"
},
{
"lessThan": "9.3.2411.127",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mr Hack (try_to_hack) Santiago Lopez"
}
],
"datePublic": "2026-04-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles,\u00a0has write permission on the app, and does not hold the high-privilege capability `accelerate_datamodel`, could turn on or off Data Model Acceleration due to improper access control."
}
],
"value": "In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles,\u00a0has write permission on the app, and does not hold the high-privilege capability `accelerate_datamodel`, could turn on or off Data Model Acceleration due to improper access control."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T15:17:56.261Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2026-0402"
}
],
"source": {
"advisory": "SVD-2026-0402"
},
"title": "Improper Access Control in Data Model Acceleration in Splunk Enterprise"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20203",
"datePublished": "2026-04-15T15:17:56.261Z",
"dateReserved": "2025-10-08T11:59:15.397Z",
"dateUpdated": "2026-04-15T17:40:36.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20204 (GCVE-0-2026-20204)
Vulnerability from cvelistv5
Published
2026-04-15 15:17
Modified
2026-04-15 17:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-377 - Creating and using insecure temporary files can leave application and system data vulnerable to attack.
Summary
In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.5, 10.2.2510.9, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles could potentially perform a Remote Code Execution (RCE) by uploading a malicious file to the `$SPLUNK_HOME/var/run/splunk/apptemp` directory due to improper handling and insufficient isolation of temporary files within the `apptemp` directory.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 10.2 < 10.2.1 Version: 10.0 < 10.0.5 Version: 9.4 < 9.4.10 Version: 9.3 < 9.3.11 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20204",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T17:45:58.566029Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T17:46:07.188Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.2.1",
"status": "affected",
"version": "10.2",
"versionType": "custom"
},
{
"lessThan": "10.0.5",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.10",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.11",
"status": "affected",
"version": "9.3",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "Not Affected",
"status": "affected",
"version": "10.4.2603",
"versionType": "custom"
},
{
"lessThan": "10.3.2512.5",
"status": "affected",
"version": "10.3.2512",
"versionType": "custom"
},
{
"lessThan": "10.2.2510.9",
"status": "affected",
"version": "10.2.2510",
"versionType": "custom"
},
{
"lessThan": "10.1.2507.19",
"status": "affected",
"version": "10.1.2507",
"versionType": "custom"
},
{
"lessThan": "10.0.2503.13",
"status": "affected",
"version": "10.0.2503",
"versionType": "custom"
},
{
"lessThan": "9.3.2411.127",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Gabriel Nitu, Splunk"
}
],
"datePublic": "2026-04-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.5, 10.2.2510.9, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles could potentially perform a Remote Code Execution (RCE) by uploading a malicious file to the `$SPLUNK_HOME/var/run/splunk/apptemp` directory due to improper handling and insufficient isolation of temporary files within the `apptemp` directory."
}
],
"value": "In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.5, 10.2.2510.9, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles could potentially perform a Remote Code Execution (RCE) by uploading a malicious file to the `$SPLUNK_HOME/var/run/splunk/apptemp` directory due to improper handling and insufficient isolation of temporary files within the `apptemp` directory."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-377",
"description": "Creating and using insecure temporary files can leave application and system data vulnerable to attack.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T15:17:54.019Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2026-0403"
}
],
"source": {
"advisory": "SVD-2026-0403"
},
"title": "Improper Handling and Insufficient Isolation of Specific Temporary Files in Splunk Enterprise"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20204",
"datePublished": "2026-04-15T15:17:54.019Z",
"dateReserved": "2025-10-08T11:59:15.397Z",
"dateUpdated": "2026-04-15T17:46:07.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20202 (GCVE-0-2026-20202)
Vulnerability from cvelistv5
Published
2026-04-15 15:17
Modified
2026-04-15 18:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-176 - The software does not properly handle when an input contains Unicode encoding.
Summary
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, a user who holds a role that contains the high-privilege capability `edit_user`could create a specially crafted username that includes a null byte or a non-UTF-8 percent-encoded byte due to improper input validation.<br><br>This could lead to inconsistent conversion of usernames into a proper format for storage and account management inconsistencies, such as being unable to edit or delete affected users.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 10.2 < 10.2.2 Version: 10.0 < 10.0.5 Version: 9.4 < 9.4.10 Version: 9.3 < 9.3.11 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20202",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T18:44:31.460792Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T18:44:38.717Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.2.2",
"status": "affected",
"version": "10.2",
"versionType": "custom"
},
{
"lessThan": "10.0.5",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.10",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.11",
"status": "affected",
"version": "9.3",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "Not Affected",
"status": "affected",
"version": "10.4.2603",
"versionType": "custom"
},
{
"lessThan": "10.3.2512.6",
"status": "affected",
"version": "10.3.2512",
"versionType": "custom"
},
{
"lessThan": "10.2.2510.10",
"status": "affected",
"version": "10.2.2510",
"versionType": "custom"
},
{
"lessThan": "10.1.2507.20",
"status": "affected",
"version": "10.1.2507",
"versionType": "custom"
},
{
"lessThan": "10.0.2503.13",
"status": "affected",
"version": "10.0.2503",
"versionType": "custom"
},
{
"lessThan": "9.3.2411.127",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ryan Luke\u003cbr\u003e\u003cbr\u003eMahfujur Rahman (mahfujwhh)"
}
],
"datePublic": "2026-04-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, a user who holds a role that contains the high-privilege capability `edit_user`could create a specially crafted username that includes a null byte or a non-UTF-8 percent-encoded byte due to improper input validation.\u003cbr\u003e\u003cbr\u003eThis could lead to inconsistent conversion of usernames into a proper format for storage and account management inconsistencies, such as being unable to edit or delete affected users."
}
],
"value": "In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, a user who holds a role that contains the high-privilege capability `edit_user`could create a specially crafted username that includes a null byte or a non-UTF-8 percent-encoded byte due to improper input validation.\u003cbr\u003e\u003cbr\u003eThis could lead to inconsistent conversion of usernames into a proper format for storage and account management inconsistencies, such as being unable to edit or delete affected users."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-176",
"description": "The software does not properly handle when an input contains Unicode encoding.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T15:17:43.871Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2026-0401"
}
],
"source": {
"advisory": "SVD-2026-0401"
},
"title": "Improper Input Validation during User Account Creation in Splunk Enterprise"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20202",
"datePublished": "2026-04-15T15:17:43.871Z",
"dateReserved": "2025-10-08T11:59:15.397Z",
"dateUpdated": "2026-04-15T18:44:38.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20163 (GCVE-0-2026-20163)
Vulnerability from cvelistv5
Published
2026-03-11 16:18
Modified
2026-03-12 13:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-77 - The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Summary
In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability `edit_cmd` could execute arbitrary shell commands using the `unarchive_cmd` parameter for the `/splunkd/__upload/indexing/preview` REST endpoint.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 10.0 < 10.0.4 Version: 9.4 < 9.4.9 Version: 9.3 < 9.3.10 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20163",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T03:55:43.201014Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T13:23:31.857Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.0.4",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.9",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.10",
"status": "affected",
"version": "9.3",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.2.2510.5",
"status": "affected",
"version": "10.2.2510",
"versionType": "custom"
},
{
"lessThan": "10.0.2503.12",
"status": "affected",
"version": "10.0.2503",
"versionType": "custom"
},
{
"lessThan": "10.1.2507.16",
"status": "affected",
"version": "10.1.2507",
"versionType": "custom"
},
{
"lessThan": "9.3.2411.124",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Danylo Dmytriiev (DDV_UA) \u003cbr\u003e\u003cbr\u003eGabriel Nitu, Splunk\u003cbr\u003e\u003cbr\u003eJames Ervin, Splunk"
}
],
"datePublic": "2026-03-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability `edit_cmd` could execute arbitrary shell commands using the `unarchive_cmd` parameter for the `/splunkd/__upload/indexing/preview` REST endpoint."
}
],
"value": "In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability `edit_cmd` could execute arbitrary shell commands using the `unarchive_cmd` parameter for the `/splunkd/__upload/indexing/preview` REST endpoint."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T16:18:26.857Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2026-0302"
}
],
"source": {
"advisory": "SVD-2026-0302"
},
"title": "Remote Command Execution (RCE) through the \u0027/splunkd/__upload/indexing/preview\u0027 REST endpoint in Splunk Enterprise"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20163",
"datePublished": "2026-03-11T16:18:26.857Z",
"dateReserved": "2025-10-08T11:59:15.389Z",
"dateUpdated": "2026-03-12T13:23:31.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20162 (GCVE-0-2026-20162)
Vulnerability from cvelistv5
Published
2026-03-11 16:18
Modified
2026-03-12 16:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Summary
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who does not hold the "admin" or "power" Splunk roles could craft a malicious payload when creating a View (Settings - User Interface - Views) at the `/manager/launcher/data/ui/views/_new` endpoint leading to a Stored Cross-Site Scripting (XSS) through a path traversal vulnerability. This could result in execution of unauthorized JavaScript code in the browser of a user.
The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 10.0 < 10.0.3 Version: 9.4 < 9.4.9 Version: 9.3 < 9.3.9 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20162",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T15:39:42.697422Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T16:19:25.151Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.0.3",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.9",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.9",
"status": "affected",
"version": "9.3",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.2.2510.4",
"status": "affected",
"version": "10.2.2510",
"versionType": "custom"
},
{
"lessThan": "10.1.2507.15",
"status": "affected",
"version": "10.1.2507",
"versionType": "custom"
},
{
"lessThan": "10.0.2503.11",
"status": "affected",
"version": "10.0.2503",
"versionType": "custom"
},
{
"lessThan": "9.3.2411.123",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Danylo Dmytriiev (DDV_UA)"
}
],
"datePublic": "2026-03-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload when creating a View (Settings - User Interface - Views) at the `/manager/launcher/data/ui/views/_new` endpoint leading to a Stored Cross-Site Scripting (XSS) through a path traversal vulnerability. This could result in execution of unauthorized JavaScript code in the browser of a user. \n\nThe vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will."
}
],
"value": "In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload when creating a View (Settings - User Interface - Views) at the `/manager/launcher/data/ui/views/_new` endpoint leading to a Stored Cross-Site Scripting (XSS) through a path traversal vulnerability. This could result in execution of unauthorized JavaScript code in the browser of a user. \n\nThe vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T16:18:22.880Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2026-0301"
}
],
"source": {
"advisory": "SVD-2026-0301"
},
"title": "Stored Cross-Site Scripting (XSS) through Path Traversal in Splunk Enterprise"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20162",
"datePublished": "2026-03-11T16:18:22.880Z",
"dateReserved": "2025-10-08T11:59:15.388Z",
"dateUpdated": "2026-03-12T16:19:25.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20166 (GCVE-0-2026-20166)
Vulnerability from cvelistv5
Published
2026-03-11 16:18
Modified
2026-03-12 16:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Summary
In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve the Observability Cloud API access token through the Discover Splunk Observability Cloud app due to improper access control.
This vulnerability does not affect Splunk Enterprise versions below 9.4.9 and 9.3.10 because the Discover Splunk Observability Cloud app does not come with Splunk Enterprise.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 10.2 < 10.2.1 Version: 10.0 < 10.0.4 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20166",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T15:40:11.819588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T16:19:30.880Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.2.1",
"status": "affected",
"version": "10.2",
"versionType": "custom"
},
{
"lessThan": "10.0.4",
"status": "affected",
"version": "10.0",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.2.2510.5",
"status": "affected",
"version": "10.2.2510",
"versionType": "custom"
},
{
"lessThan": "10.1.2507.16",
"status": "affected",
"version": "10.1.2507",
"versionType": "custom"
},
{
"lessThan": "10.0.2503.12",
"status": "affected",
"version": "10.0.2503",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Will Zgoda, Splunk"
}
],
"datePublic": "2026-03-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could retrieve the Observability Cloud API access token through the Discover Splunk Observability Cloud app due to improper access control. \n\nThis vulnerability does not affect Splunk Enterprise versions below 9.4.9 and 9.3.10 because the Discover Splunk Observability Cloud app does not come with Splunk Enterprise."
}
],
"value": "In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could retrieve the Observability Cloud API access token through the Discover Splunk Observability Cloud app due to improper access control. \n\nThis vulnerability does not affect Splunk Enterprise versions below 9.4.9 and 9.3.10 because the Discover Splunk Observability Cloud app does not come with Splunk Enterprise."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T16:18:17.121Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2026-0305"
}
],
"source": {
"advisory": "SVD-2026-0305"
},
"title": "Sensitive Information Disclosure in Discover Splunk Observability Cloud app for Splunk Enterprise"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20166",
"datePublished": "2026-03-11T16:18:17.121Z",
"dateReserved": "2025-10-08T11:59:15.390Z",
"dateUpdated": "2026-03-12T16:19:30.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20164 (GCVE-0-2026-20164)
Vulnerability from cvelistv5
Published
2026-03-11 16:18
Modified
2026-03-12 16:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Summary
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123, a low-privileged user that does not hold the "admin" or "power" Splunk roles could access the `/splunkd/__raw/servicesNS/-/-/configs/conf-passwords` REST API endpoint, which exposes the hashed or plaintext password values that are stored in the passwords.conf configuration file due to improper access control. This vulnerability could allow for the unauthorized disclosure of sensitive credentials.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 10.0 < 10.0.3 Version: 9.4 < 9.4.9 Version: 9.3 < 9.3.10 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20164",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T15:40:30.867807Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T16:19:36.648Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.0.3",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.9",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.10",
"status": "affected",
"version": "9.3",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.2.2510.5",
"status": "affected",
"version": "10.2.2510",
"versionType": "custom"
},
{
"lessThan": "10.1.2507.16",
"status": "affected",
"version": "10.1.2507",
"versionType": "custom"
},
{
"lessThan": "10.0.2503.11",
"status": "affected",
"version": "10.0.2503",
"versionType": "custom"
},
{
"lessThan": "9.3.2411.123",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Alex Hordijk (hordalex)"
}
],
"datePublic": "2026-03-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could access the `/splunkd/__raw/servicesNS/-/-/configs/conf-passwords` REST API endpoint, which exposes the hashed or plaintext password values that are stored in the passwords.conf configuration file due to improper access control. This vulnerability could allow for the unauthorized disclosure of sensitive credentials."
}
],
"value": "In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could access the `/splunkd/__raw/servicesNS/-/-/configs/conf-passwords` REST API endpoint, which exposes the hashed or plaintext password values that are stored in the passwords.conf configuration file due to improper access control. This vulnerability could allow for the unauthorized disclosure of sensitive credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T16:18:01.915Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2026-0303"
}
],
"source": {
"advisory": "SVD-2026-0303"
},
"title": "Sensitive Information Disclosure through Improper Access Control in Splunk Enterprise"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20164",
"datePublished": "2026-03-11T16:18:01.915Z",
"dateReserved": "2025-10-08T11:59:15.389Z",
"dateUpdated": "2026-03-12T16:19:36.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20165 (GCVE-0-2026-20165)
Vulnerability from cvelistv5
Published
2026-03-11 16:17
Modified
2026-03-12 16:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
Summary
In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve sensitive information by inspecting the job's search log due to improper access control in the MongoClient logging channel.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 10.2 < 10.2.1 Version: 10.0 < 10.0.4 Version: 9.4 < 9.4.9 Version: 9.3 < 9.3.10 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20165",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T15:40:54.433220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T16:19:44.284Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.2.1",
"status": "affected",
"version": "10.2",
"versionType": "custom"
},
{
"lessThan": "10.0.4",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.9",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.10",
"status": "affected",
"version": "9.3",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.2.2510.7",
"status": "affected",
"version": "10.2.2510",
"versionType": "custom"
},
{
"lessThan": "10.1.2507.17",
"status": "affected",
"version": "10.1.2507",
"versionType": "custom"
},
{
"lessThan": "10.0.2503.12",
"status": "affected",
"version": "10.0.2503",
"versionType": "custom"
},
{
"lessThan": "9.3.2411.124",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "John Copeland"
}
],
"datePublic": "2026-03-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could retrieve sensitive information by inspecting the job\u0027s search log due to improper access control in the MongoClient logging channel."
}
],
"value": "In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could retrieve sensitive information by inspecting the job\u0027s search log due to improper access control in the MongoClient logging channel."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T16:17:54.427Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2026-0304"
}
],
"source": {
"advisory": "SVD-2026-0304"
},
"title": "Sensitive Information Disclosure in MongoClient logging channel in Splunk Enterprise"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20165",
"datePublished": "2026-03-11T16:17:54.427Z",
"dateReserved": "2025-10-08T11:59:15.390Z",
"dateUpdated": "2026-03-12T16:19:44.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20139 (GCVE-0-2026-20139)
Vulnerability from cvelistv5
Published
2026-02-18 16:45
Modified
2026-02-19 19:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - The software does not properly control the allocation and maintenance of a limited resource thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Summary
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload into the `realname`, `tz`, or `email` parameters of the `/splunkd/__raw/services/authentication/users/username` REST API endpoint when they change a password. This could potentially lead to a client‑side denial‑of‑service (DoS). The malicious payload might significantly slow page load times or render Splunk Web temporarily unresponsive.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 10.0 < 10.0.2 Version: 9.4 < 9.4.8 Version: 9.3 < 9.3.9 Version: 9.2 < 9.2.12 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20139",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-19T19:10:51.635917Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T19:28:04.863Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.0.2",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.8",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.9",
"status": "affected",
"version": "9.3",
"versionType": "custom"
},
{
"lessThan": "9.2.12",
"status": "affected",
"version": "9.2",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.2.2510.3",
"status": "affected",
"version": "10.2.2510",
"versionType": "custom"
},
{
"lessThan": "10.1.2507.8",
"status": "affected",
"version": "10.1.2507",
"versionType": "custom"
},
{
"lessThan": "10.0.2503.9",
"status": "affected",
"version": "10.0.2503",
"versionType": "custom"
},
{
"lessThan": "9.3.2411.121",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ST\u00d6K / Fredrik Alexandersson"
}
],
"datePublic": "2026-02-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload into the `realname`, `tz`, or `email` parameters of the `/splunkd/__raw/services/authentication/users/username` REST API endpoint when they change a password. This could potentially lead to a client\u2011side denial\u2011of\u2011service (DoS). The malicious payload might significantly slow page load times or render Splunk Web temporarily unresponsive."
}
],
"value": "In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload into the `realname`, `tz`, or `email` parameters of the `/splunkd/__raw/services/authentication/users/username` REST API endpoint when they change a password. This could potentially lead to a client\u2011side denial\u2011of\u2011service (DoS). The malicious payload might significantly slow page load times or render Splunk Web temporarily unresponsive."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "The software does not properly control the allocation and maintenance of a limited resource thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T16:45:32.308Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2026-0204"
}
],
"source": {
"advisory": "SVD-2026-0204"
},
"title": "Client-Side Denial of Service (DoS) through \u0027\u0027/splunkd/__raw/services/authentication/users/username\u0027\u0027 REST API endpoint in Splunk Enterprise"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20139",
"datePublished": "2026-02-18T16:45:32.308Z",
"dateReserved": "2025-10-08T11:59:15.382Z",
"dateUpdated": "2026-02-19T19:28:04.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20144 (GCVE-0-2026-20144)
Vulnerability from cvelistv5
Published
2026-02-18 16:45
Modified
2026-02-26 14:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
Summary
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature is configured.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 10.0 < 10.0.2 Version: 9.4 < 9.4.7 Version: 9.3 < 9.3.8 Version: 9.2 < 9.2.11 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20144",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-19T04:55:46.539736Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:16.610Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.0.2",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.7",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.8",
"status": "affected",
"version": "9.3",
"versionType": "custom"
},
{
"lessThan": "9.2.11",
"status": "affected",
"version": "9.2",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.1.2507.11",
"status": "affected",
"version": "10.1.2507",
"versionType": "custom"
},
{
"lessThan": "10.0.2503.9",
"status": "affected",
"version": "10.0.2503",
"versionType": "custom"
},
{
"lessThan": "9.3.2411.120",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-02-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature is configured."
}
],
"value": "In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature is configured."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T16:45:23.674Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2026-0209"
}
],
"source": {
"advisory": "SVD-2026-0209"
},
"title": "Sensitive Information Disclosure in \u0027\u0027_internal\u0027\u0027 index in Splunk Enterprise"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20144",
"datePublished": "2026-02-18T16:45:23.674Z",
"dateReserved": "2025-10-08T11:59:15.384Z",
"dateUpdated": "2026-02-26T14:44:16.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20137 (GCVE-0-2026-20137)
Vulnerability from cvelistv5
Published
2026-02-18 16:45
Modified
2026-02-18 17:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Summary
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an injected SPL query within an object. They can bypass the safeguards by exploiting a path traversal vulnerability.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 10.2 < 10.2.0 Version: 10.0 < 10.0.3 Version: 9.4 < 9.4.5 Version: 9.3 < 9.3.7 Version: 9.2 < 9.2.9 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20137",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T17:52:56.461958Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T17:55:22.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.2.0",
"status": "affected",
"version": "10.2",
"versionType": "custom"
},
{
"lessThan": "10.0.3",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.5",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.7",
"status": "affected",
"version": "9.3",
"versionType": "custom"
},
{
"lessThan": "9.2.9",
"status": "affected",
"version": "9.2",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.1.2507.0",
"status": "affected",
"version": "10.1.2507",
"versionType": "custom"
},
{
"lessThan": "10.0.2503.9",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.3.2411.112",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
},
{
"lessThan": "9.3.2408.122",
"status": "affected",
"version": "9.3.2408",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Anton (therceman)"
}
],
"datePublic": "2026-02-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the \"admin\" or \"power\" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an injected SPL query within an object. They can bypass the safeguards by exploiting a path traversal vulnerability."
}
],
"value": "In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the \"admin\" or \"power\" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an injected SPL query within an object. They can bypass the safeguards by exploiting a path traversal vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T16:45:17.606Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2026-0202"
}
],
"source": {
"advisory": "SVD-2026-0202"
},
"title": "Risky Commands Safeguards Bypass through preloaded Data Models due to Path Traversal vulnerability in Splunk Enterprise"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20137",
"datePublished": "2026-02-18T16:45:17.606Z",
"dateReserved": "2025-10-08T11:59:15.381Z",
"dateUpdated": "2026-02-18T17:55:22.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20388 (GCVE-0-2025-20388)
Vulnerability from cvelistv5
Published
2025-12-03 17:00
Modified
2025-12-03 18:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Summary
In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116, a user who holds a role that contains the high privilege capability `change_authentication` could enumerate internal IP addresses and network ports when adding new search peers to a Splunk search head in a distributed environment.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 10.0 < 10.0.1 Version: 9.4 < 9.4.6 Version: 9.3 < 9.3.8 Version: 9.2 < 9.2.10 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20388",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T18:12:35.294523Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T18:14:46.236Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.0.1",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.6",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.8",
"status": "affected",
"version": "9.3",
"versionType": "custom"
},
{
"lessThan": "9.2.10",
"status": "affected",
"version": "9.2",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.1.2507.4",
"status": "affected",
"version": "10.1.2507",
"versionType": "custom"
},
{
"lessThan": "10.0.2503.6",
"status": "affected",
"version": "10.0.2503",
"versionType": "custom"
},
{
"lessThan": "9.3.2411.116",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mr Hack (try_to_hack) Santiago Lopez"
}
],
"datePublic": "2025-12-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116, a user who holds a role that contains the high privilege capability `change_authentication` could enumerate internal IP addresses and network ports when adding new search peers to a Splunk search head in a distributed environment."
}
],
"value": "In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116, a user who holds a role that contains the high privilege capability `change_authentication` could enumerate internal IP addresses and network ports when adding new search peers to a Splunk search head in a distributed environment."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T17:00:59.450Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2025-1207"
}
],
"source": {
"advisory": "SVD-2025-1207"
},
"title": "Blind Server Side Request Forgery (SSRF) through Distributed Search Peers in Splunk Enterprise"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20388",
"datePublished": "2025-12-03T17:00:59.450Z",
"dateReserved": "2024-10-10T19:15:13.265Z",
"dateUpdated": "2025-12-03T18:14:46.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20389 (GCVE-0-2025-20389)
Vulnerability from cvelistv5
Published
2025-12-03 17:00
Modified
2025-12-03 21:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.
Summary
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10, 3.8.58 and 3.7.28 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `label` column field after adding a new device in the Splunk Secure Gateway app. This could potentially lead to a client-side denial of service (DoS).
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 10.0 < 10.0.2 Version: 9.4 < 9.4.6 Version: 9.3 < 9.3.8 Version: 9.2 < 9.2.10 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20389",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T21:36:48.311013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T21:37:01.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.0.2",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.6",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.8",
"status": "affected",
"version": "9.3",
"versionType": "custom"
},
{
"lessThan": "9.2.10",
"status": "affected",
"version": "9.2",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.1.2507.6",
"status": "affected",
"version": "10.1.2507",
"versionType": "custom"
},
{
"lessThan": "10.0.2503.8",
"status": "affected",
"version": "10.0.2503",
"versionType": "custom"
},
{
"lessThan": "9.3.2411.120",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
}
]
},
{
"product": "Splunk Secure Gateway",
"vendor": "Splunk",
"versions": [
{
"lessThan": "3.9.10",
"status": "affected",
"version": "3.9",
"versionType": "custom"
},
{
"lessThan": "3.8.58",
"status": "affected",
"version": "3.8",
"versionType": "custom"
},
{
"lessThan": "3.7.28",
"status": "affected",
"version": "3.7",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-12-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10, 3.8.58 and 3.7.28 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload through the `label` column field after adding a new device in the Splunk Secure Gateway app. This could potentially lead to a client-side denial of service (DoS)."
}
],
"value": "In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10, 3.8.58 and 3.7.28 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload through the `label` column field after adding a new device in the Splunk Secure Gateway app. This could potentially lead to a client-side denial of service (DoS)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T17:00:55.364Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2025-1208"
}
],
"source": {
"advisory": "SVD-2025-1208"
},
"title": "Improper Input Validation in \"label\" column field in Splunk Secure Gateway App"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20389",
"datePublished": "2025-12-03T17:00:55.364Z",
"dateReserved": "2024-10-10T19:15:13.266Z",
"dateUpdated": "2025-12-03T21:37:01.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20383 (GCVE-0-2025-20383)
Vulnerability from cvelistv5
Published
2025-12-03 17:00
Modified
2025-12-03 21:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Summary
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gateway app in Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles and subscribes to mobile push notifications could receive notifications that disclose the title and description of the report or alert even if they do not have access to view the report or alert.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 10.0 < 10.0.2 Version: 9.4 < 9.4.6 Version: 9.3 < 9.3.8 Version: 9.2 < 9.2.10 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20383",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T21:33:01.823595Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T21:33:17.908Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.0.2",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.6",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.8",
"status": "affected",
"version": "9.3",
"versionType": "custom"
},
{
"lessThan": "9.2.10",
"status": "affected",
"version": "9.2",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.1.2507.6",
"status": "affected",
"version": "10.1.2507",
"versionType": "custom"
},
{
"lessThan": "10.0.2503.8",
"status": "affected",
"version": "10.0.2503",
"versionType": "custom"
},
{
"lessThan": "9.3.2411.120",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
}
]
},
{
"product": "Splunk Secure Gateway",
"vendor": "Splunk",
"versions": [
{
"lessThan": "3.9.10",
"status": "affected",
"version": "3.9",
"versionType": "custom"
},
{
"lessThan": "3.8.58",
"status": "affected",
"version": "3.8",
"versionType": "custom"
},
{
"lessThan": "3.7.28",
"status": "affected",
"version": "3.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Anton (therceman)"
}
],
"datePublic": "2025-12-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gateway app in Splunk Cloud Platform, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles and subscribes to mobile push notifications could receive notifications that disclose the title and description of the report or alert even if they do not have access to view the report or alert."
}
],
"value": "In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gateway app in Splunk Cloud Platform, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles and subscribes to mobile push notifications could receive notifications that disclose the title and description of the report or alert even if they do not have access to view the report or alert."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T17:00:36.414Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2025-1202"
}
],
"source": {
"advisory": "SVD-2025-1202"
},
"title": "Improper access control through push notifications for reports and alerts in Splunk Secure Gateway app"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20383",
"datePublished": "2025-12-03T17:00:36.414Z",
"dateReserved": "2024-10-10T19:15:13.264Z",
"dateUpdated": "2025-12-03T21:33:17.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20384 (GCVE-0-2025-20384)
Vulnerability from cvelistv5
Published
2025-12-03 17:00
Modified
2025-12-03 21:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-117 - The software does not neutralize or incorrectly neutralizes output that is written to logs.
Summary
In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125, an unauthenticated attacker can inject American National Standards Institute (ANSI) escape codes into Splunk log files due to improper validation at the /en-US/static/ web endpoint. This may allow them to poison, forge, or obfuscate sensitive log data through specially crafted HTTP requests, potentially impacting log integrity and detection capabilities.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 10.0 < 10.0.1 Version: 9.4 < 9.4.6 Version: 9.3 < 9.3.8 Version: 9.2 < 9.2.10 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20384",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T21:32:13.797275Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T21:32:24.714Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.0.1",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.6",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.8",
"status": "affected",
"version": "9.3",
"versionType": "custom"
},
{
"lessThan": "9.2.10",
"status": "affected",
"version": "9.2",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.1.2507.4",
"status": "affected",
"version": "10.1.2507",
"versionType": "custom"
},
{
"lessThan": "10.0.2503.6",
"status": "affected",
"version": "10.0.2503",
"versionType": "custom"
},
{
"lessThan": "9.3.2411.117",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ST\u00d6K / Fredrik Alexandersson"
}
],
"datePublic": "2025-12-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125, an unauthenticated attacker can inject American National Standards Institute (ANSI) escape codes into Splunk log files due to improper validation at the /en-US/static/ web endpoint. This may allow them to poison, forge, or obfuscate sensitive log data through specially crafted HTTP requests, potentially impacting log integrity and detection capabilities."
}
],
"value": "In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125, an unauthenticated attacker can inject American National Standards Institute (ANSI) escape codes into Splunk log files due to improper validation at the /en-US/static/ web endpoint. This may allow them to poison, forge, or obfuscate sensitive log data through specially crafted HTTP requests, potentially impacting log integrity and detection capabilities."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "The software does not neutralize or incorrectly neutralizes output that is written to logs.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T17:00:34.212Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2025-1203"
}
],
"source": {
"advisory": "SVD-2025-1203"
},
"title": "Unauthenticated Log Injection in Splunk Enterprise"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20384",
"datePublished": "2025-12-03T17:00:34.212Z",
"dateReserved": "2024-10-10T19:15:13.264Z",
"dateUpdated": "2025-12-03T21:32:24.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20385 (GCVE-0-2025-20385)
Vulnerability from cvelistv5
Published
2025-12-03 17:00
Modified
2025-12-03 21:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Summary
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability `admin_all_objects` could craft a malicious payload through the href attribute of an anchor tag within a collection in the navigation bar, which could result in execution of unauthorized JavaScript code in the browser of a user.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 10.0 < 10.0.2 Version: 9.4 < 9.4.6 Version: 9.3 < 9.3.8 Version: 9.2 < 9.2.10 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20385",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T21:30:29.194337Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T21:30:42.532Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.0.2",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.6",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.8",
"status": "affected",
"version": "9.3",
"versionType": "custom"
},
{
"lessThan": "9.2.10",
"status": "affected",
"version": "9.2",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.1.2507.6",
"status": "affected",
"version": "10.1.2507",
"versionType": "custom"
},
{
"lessThan": "10.0.2503.7",
"status": "affected",
"version": "10.0.2503",
"versionType": "custom"
},
{
"lessThan": "9.3.2411.117",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dr. Oliver Matula, DB Systel GmbH"
}
],
"datePublic": "2025-12-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability `admin_all_objects` could craft a malicious payload through the href attribute of an anchor tag within a collection in the navigation bar, which could result in execution of unauthorized JavaScript code in the browser of a user."
}
],
"value": "In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability `admin_all_objects` could craft a malicious payload through the href attribute of an anchor tag within a collection in the navigation bar, which could result in execution of unauthorized JavaScript code in the browser of a user."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T17:00:29.826Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2025-1204"
}
],
"source": {
"advisory": "SVD-2025-1204"
},
"title": "Stored Cross-Site scripting (XSS) through Anchor Tag \"href\" in Navigation Bar Collections in Splunk Enterprise"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20385",
"datePublished": "2025-12-03T17:00:29.826Z",
"dateReserved": "2024-10-10T19:15:13.265Z",
"dateUpdated": "2025-12-03T21:30:42.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20382 (GCVE-0-2025-20382)
Vulnerability from cvelistv5
Published
2025-12-03 17:00
Modified
2025-12-03 21:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-601 - A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.
Summary
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.10, 10.0.2503.8, and 9.3.2411.120, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a views dashboard with a custom background using the `data:image/png;base64` protocol that could potentially lead to an unvalidated redirect. This behavior circumvents the Splunk external URL warning mechanism by using a specially crafted URL, allowing for a redirection to an external malicious site. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 10.0 < 10.0.2 Version: 9.4 < 9.4.6 Version: 9.3 < 9.3.8 Version: 9.2 < 9.2.10 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20382",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T21:28:22.162687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T21:28:38.682Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.0.2",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.6",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.8",
"status": "affected",
"version": "9.3",
"versionType": "custom"
},
{
"lessThan": "9.2.10",
"status": "affected",
"version": "9.2",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.1.2507.10",
"status": "affected",
"version": "10.1.2507",
"versionType": "custom"
},
{
"lessThan": "10.0.2503.8",
"status": "affected",
"version": "10.0.2503",
"versionType": "custom"
},
{
"lessThan": "9.3.2411.120",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Anton (therceman)"
}
],
"datePublic": "2025-12-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.10, 10.0.2503.8, and 9.3.2411.120, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could create a views dashboard with a custom background using the `data:image/png;base64` protocol that could potentially lead to an unvalidated redirect. This behavior circumvents the Splunk external URL warning mechanism by using a specially crafted URL, allowing for a redirection to an external malicious site. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will."
}
],
"value": "In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.10, 10.0.2503.8, and 9.3.2411.120, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could create a views dashboard with a custom background using the `data:image/png;base64` protocol that could potentially lead to an unvalidated redirect. This behavior circumvents the Splunk external URL warning mechanism by using a specially crafted URL, allowing for a redirection to an external malicious site. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T17:00:21.824Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2025-1201"
}
],
"source": {
"advisory": "SVD-2025-1201"
},
"title": "URL validation bypass through Views Dashboard in Splunk Enterprise"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20382",
"datePublished": "2025-12-03T17:00:21.824Z",
"dateReserved": "2024-10-10T19:15:13.264Z",
"dateUpdated": "2025-12-03T21:28:38.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20379 (GCVE-0-2025-20379)
Vulnerability from cvelistv5
Published
2025-11-12 17:23
Modified
2025-11-12 21:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Summary
In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands. They could bypass these safeguards on the “/services/streams/search“ endpoint through its “q“ parameter by circumventing endpoint restrictions using character encoding in the REST path. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 10.0 < 10.0.1 Version: 9.4 < 9.4.5 Version: 9.3 < 9.3.7 Version: 9.2 < 9.2.9 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20379",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T20:47:25.092580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T21:04:40.810Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.0.1",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.5",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.7",
"status": "affected",
"version": "9.3",
"versionType": "custom"
},
{
"lessThan": "9.2.9",
"status": "affected",
"version": "9.2",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "9.3.2411.116",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
},
{
"lessThan": "9.3.2408.124",
"status": "affected",
"version": "9.3.2408",
"versionType": "custom"
},
{
"lessThan": "10.0.2503.5",
"status": "affected",
"version": "10.0.2503",
"versionType": "custom"
},
{
"lessThan": "10.1.2507.1",
"status": "affected",
"version": "10.1.2507",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Anton (therceman)"
}
],
"datePublic": "2025-11-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does not hold the \u201cadmin\u201c or \u201cpower\u201c Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands. They could bypass these safeguards on the \u201c/services/streams/search\u201c endpoint through its \u201cq\u201c parameter by circumventing endpoint restrictions using character encoding in the REST path. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will."
}
],
"value": "In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does not hold the \u201cadmin\u201c or \u201cpower\u201c Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands. They could bypass these safeguards on the \u201c/services/streams/search\u201c endpoint through its \u201cq\u201c parameter by circumventing endpoint restrictions using character encoding in the REST path. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T17:23:00.819Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2025-1102"
}
],
"source": {
"advisory": "SVD-2025-1102"
},
"title": "Risky command safeguards bypass using the \u201c/services/streams/search\u201c REST endpoint through \u201cq\u201c parameter in Splunk Enterprise"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20379",
"datePublished": "2025-11-12T17:23:00.819Z",
"dateReserved": "2024-10-10T19:15:13.263Z",
"dateUpdated": "2025-11-12T21:04:40.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20378 (GCVE-0-2025-20378)
Vulnerability from cvelistv5
Published
2025-11-12 17:22
Modified
2025-11-12 21:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-601 - A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.
Summary
In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform versions below 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121, an unauthenticated attacker could craft a malicious URL using the `return_to` parameter of the Splunk Web login endpoint. When an authenticated user visits the malicious URL, it could cause an unvalidated redirect to an external malicious site. To be successful, the attacker has to trick the victim into initiating a request from their browser. The unauthenticated attacker should not be able to exploit the vulnerability at will.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 10.0 < 10.0.1 Version: 9.4 < 9.4.5 Version: 9.3 < 9.3.7 Version: 9.2 < 9.2.9 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20378",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T20:47:32.175559Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T21:04:48.103Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.0.1",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.5",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.7",
"status": "affected",
"version": "9.3",
"versionType": "custom"
},
{
"lessThan": "9.2.9",
"status": "affected",
"version": "9.2",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.0.2503.5",
"status": "affected",
"version": "10.0.2503",
"versionType": "custom"
},
{
"lessThan": "9.3.2411.111",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
},
{
"lessThan": "9.3.2408.121",
"status": "affected",
"version": "9.3.2408",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Diogo Real (c0rte)"
}
],
"datePublic": "2025-11-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform versions below 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121, an unauthenticated attacker could craft a malicious URL using the `return_to` parameter of the Splunk Web login endpoint. When an authenticated user visits the malicious URL, it could cause an unvalidated redirect to an external malicious site. To be successful, the attacker has to trick the victim into initiating a request from their browser. The unauthenticated attacker should not be able to exploit the vulnerability at will."
}
],
"value": "In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform versions below 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121, an unauthenticated attacker could craft a malicious URL using the `return_to` parameter of the Splunk Web login endpoint. When an authenticated user visits the malicious URL, it could cause an unvalidated redirect to an external malicious site. To be successful, the attacker has to trick the victim into initiating a request from their browser. The unauthenticated attacker should not be able to exploit the vulnerability at will."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T17:22:56.630Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2025-1101"
}
],
"source": {
"advisory": "SVD-2025-1101"
},
"title": "Open Redirect on Web Login endpoint in Splunk Enterprise"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20378",
"datePublished": "2025-11-12T17:22:56.630Z",
"dateReserved": "2024-10-10T19:15:13.263Z",
"dateUpdated": "2025-11-12T21:04:48.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20368 (GCVE-0-2025-20368)
Vulnerability from cvelistv5
Published
2025-10-01 16:08
Modified
2025-10-01 17:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Summary
In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through the error messages and job inspection details of a saved search. This could result in execution of unauthorized JavaScript code in the browser of a user.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 10.0 < 10.0.0 Version: 9.4 < 9.4.4 Version: 9.3 < 9.3.6 Version: 9.2 < 9.2.8 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20368",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T17:22:31.984073Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T17:35:52.651Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.0.0",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.4",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.6",
"status": "affected",
"version": "9.3",
"versionType": "custom"
},
{
"lessThan": "9.2.8",
"status": "affected",
"version": "9.2",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "9.3.2411.108",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
},
{
"lessThan": "9.3.2408.118",
"status": "affected",
"version": "9.3.2408",
"versionType": "custom"
},
{
"lessThan": "9.2.2406.123",
"status": "affected",
"version": "9.2.2406",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Danylo Dmytriiev (DDV_UA)"
}
],
"datePublic": "2025-10-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through the error messages and job inspection details of a saved search. This could result in execution of unauthorized JavaScript code in the browser of a user."
}
],
"value": "In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through the error messages and job inspection details of a saved search. This could result in execution of unauthorized JavaScript code in the browser of a user."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T16:08:04.403Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2025-1003"
}
],
"source": {
"advisory": "SVD-2025-1003"
},
"title": "Stored Cross-Site Scripting (XSS) through missing field warning messages in Saved Search and Job Inspector on Splunk Enterprise"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20368",
"datePublished": "2025-10-01T16:08:04.403Z",
"dateReserved": "2024-10-10T19:15:13.261Z",
"dateUpdated": "2025-10-01T17:35:52.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20371 (GCVE-0-2025-20371)
Vulnerability from cvelistv5
Published
2025-10-01 16:08
Modified
2026-02-26 17:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Summary
In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF) potentially letting an attacker perform REST API calls on behalf of an authenticated high-privileged user.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 10.0 < 10.0.1 Version: 9.4 < 9.4.4 Version: 9.3 < 9.3.6 Version: 9.2 < 9.2.8 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20371",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-02T03:55:48.000082Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:48:25.482Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.0.1",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.4",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.6",
"status": "affected",
"version": "9.3",
"versionType": "custom"
},
{
"lessThan": "9.2.8",
"status": "affected",
"version": "9.2",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "9.3.2411.109",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
},
{
"lessThan": "9.3.2408.119",
"status": "affected",
"version": "9.3.2408",
"versionType": "custom"
},
{
"lessThan": "9.2.2406.122",
"status": "affected",
"version": "9.2.2406",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Alex Hordijk (hordalex)"
}
],
"datePublic": "2025-10-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF) potentially letting an attacker perform REST API calls on behalf of an authenticated high-privileged user."
}
],
"value": "In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF) potentially letting an attacker perform REST API calls on behalf of an authenticated high-privileged user."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T16:08:02.891Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2025-1006"
}
],
"source": {
"advisory": "SVD-2025-1006"
},
"title": "Unauthenticated Blind Server Side Request Forgery (SSRF) in Splunk Enterprise"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20371",
"datePublished": "2025-10-01T16:08:02.891Z",
"dateReserved": "2024-10-10T19:15:13.262Z",
"dateUpdated": "2026-02-26T17:48:25.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20367 (GCVE-0-2025-20367)
Vulnerability from cvelistv5
Published
2025-10-01 16:08
Modified
2025-10-01 17:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Summary
In Splunk Enterprise versions below 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious payload through the `dataset.command` parameter of the `/app/search/table` endpoint, which could result in execution of unauthorized JavaScript code in the browser of a user.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 10.0 < 10.0.0 Version: 9.4 < 9.4.4 Version: 9.3 < 9.3.6 Version: 9.2 < 9.2.8 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20367",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T17:19:40.128884Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T17:40:43.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.0.0",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.4",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.6",
"status": "affected",
"version": "9.3",
"versionType": "custom"
},
{
"lessThan": "9.2.8",
"status": "affected",
"version": "9.2",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "9.3.2411.109",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
},
{
"lessThan": "9.3.2408.119",
"status": "affected",
"version": "9.3.2408",
"versionType": "custom"
},
{
"lessThan": "9.2.2406.122",
"status": "affected",
"version": "9.2.2406",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Danylo Dmytriiev (DDV_UA)"
},
{
"lang": "en",
"value": "Anudeep Gandla, Splunk"
}
],
"datePublic": "2025-10-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 Splunk roles could craft a malicious payload through the `dataset.command` parameter of the `/app/search/table` endpoint, which could result in execution of unauthorized JavaScript code in the browser of a user."
}
],
"value": "In Splunk Enterprise versions below 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 Splunk roles could craft a malicious payload through the `dataset.command` parameter of the `/app/search/table` endpoint, which could result in execution of unauthorized JavaScript code in the browser of a user."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T16:08:01.304Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2025-1002"
}
],
"source": {
"advisory": "SVD-2025-1002"
},
"title": "Reflected Cross-site Scripting (XSS) in \u0027/app/search/table\u0027 endpoint through the \u0027dataset.command\u0027 parameter on Splunk Enterprise"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20367",
"datePublished": "2025-10-01T16:08:01.304Z",
"dateReserved": "2024-10-10T19:15:13.261Z",
"dateUpdated": "2025-10-01T17:40:43.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20366 (GCVE-0-2025-20366)
Vulnerability from cvelistv5
Published
2025-10-01 16:07
Modified
2025-10-01 17:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Summary
In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.111, 9.3.2408.119, and 9.2.2406.122, a low-privileged user that does not hold the admin or power Splunk roles could access sensitive search results if Splunk Enterprise runs an administrative search job in the background. If the low privileged user guesses the search job’s unique Search ID (SID), the user could retrieve the results of that job, potentially exposing sensitive search results. For more information see https://help.splunk.com/en/splunk-enterprise/search/search-manual/10.0/manage-jobs/about-jobs-and-job-management and https://help.splunk.com/en/splunk-enterprise/search/search-manual/10.0/manage-jobs/manage-search-jobs.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 10.0 < 10.0.0 Version: 9.4 < 9.4.4 Version: 9.3 < 9.3.6 Version: 9.2 < 9.2.8 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20366",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T17:47:15.448129Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T17:47:24.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.0.0",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.4",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.6",
"status": "affected",
"version": "9.3",
"versionType": "custom"
},
{
"lessThan": "9.2.8",
"status": "affected",
"version": "9.2",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "9.3.2411.111",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
},
{
"lessThan": "9.3.2408.119",
"status": "affected",
"version": "9.3.2408",
"versionType": "custom"
},
{
"lessThan": "9.2.2406.122",
"status": "affected",
"version": "9.2.2406",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-10-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.111, 9.3.2408.119, and 9.2.2406.122, a low-privileged user that does not hold the admin or power Splunk roles could access sensitive search results if Splunk Enterprise runs an administrative search job in the background. If the low privileged user guesses the search job\u2019s unique Search ID (SID), the user could retrieve the results of that job, potentially exposing sensitive search results. For more information see https://help.splunk.com/en/splunk-enterprise/search/search-manual/10.0/manage-jobs/about-jobs-and-job-management and https://help.splunk.com/en/splunk-enterprise/search/search-manual/10.0/manage-jobs/manage-search-jobs."
}
],
"value": "In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.111, 9.3.2408.119, and 9.2.2406.122, a low-privileged user that does not hold the admin or power Splunk roles could access sensitive search results if Splunk Enterprise runs an administrative search job in the background. If the low privileged user guesses the search job\u2019s unique Search ID (SID), the user could retrieve the results of that job, potentially exposing sensitive search results. For more information see https://help.splunk.com/en/splunk-enterprise/search/search-manual/10.0/manage-jobs/about-jobs-and-job-management and https://help.splunk.com/en/splunk-enterprise/search/search-manual/10.0/manage-jobs/manage-search-jobs."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T16:07:56.027Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2025-1001"
}
],
"source": {
"advisory": "SVD-2025-1001"
},
"title": "Improper Access Control in Background Job Submission in Splunk Enterprise"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20366",
"datePublished": "2025-10-01T16:07:56.027Z",
"dateReserved": "2024-10-10T19:15:13.261Z",
"dateUpdated": "2025-10-01T17:47:24.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20369 (GCVE-0-2025-20369)
Vulnerability from cvelistv5
Published
2025-10-01 16:07
Modified
2025-10-01 17:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-776 - The software uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.
Summary
In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privilege user that does not hold the "admin" or "power" Splunk roles could perform an extensible markup language (XML) external entity (XXE) injection through the dashboard tab label field. The XXE injection has the potential to cause denial of service (DoS) attacks.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 10.0 < 10.0.0 Version: 9.4 < 9.4.4 Version: 9.3 < 9.3.6 Version: 9.2 < 9.2.8 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20369",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T17:22:49.875195Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T17:36:17.809Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.0.0",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.4",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.6",
"status": "affected",
"version": "9.3",
"versionType": "custom"
},
{
"lessThan": "9.2.8",
"status": "affected",
"version": "9.2",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "9.3.2411.108",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
},
{
"lessThan": "9.3.2408.118",
"status": "affected",
"version": "9.3.2408",
"versionType": "custom"
},
{
"lessThan": "9.2.2406.123",
"status": "affected",
"version": "9.2.2406",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Eric LaMothe, Splunk"
}
],
"datePublic": "2025-10-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privilege user that does not hold the \"admin\" or \"power\" Splunk roles could perform an extensible markup language (XML) external entity (XXE) injection through the dashboard tab label field. The XXE injection has the potential to cause denial of service (DoS) attacks."
}
],
"value": "In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privilege user that does not hold the \"admin\" or \"power\" Splunk roles could perform an extensible markup language (XML) external entity (XXE) injection through the dashboard tab label field. The XXE injection has the potential to cause denial of service (DoS) attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-776",
"description": "The software uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T16:07:52.488Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2025-1004"
}
],
"source": {
"advisory": "SVD-2025-1004"
},
"title": "Extensible Markup Language (XML) External Entity Injection (XXE) through Dashboard label field on Splunk Enterprise"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20369",
"datePublished": "2025-10-01T16:07:52.488Z",
"dateReserved": "2024-10-10T19:15:13.261Z",
"dateUpdated": "2025-10-01T17:36:17.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20325 (GCVE-0-2025-20325)
Vulnerability from cvelistv5
Published
2025-07-07 17:48
Modified
2025-07-08 13:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Summary
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119, the software potentially exposes the search head cluster [splunk.secret](https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/9.4/install-splunk-enterprise-securely/deploy-secure-passwords-across-multiple-servers) key. This exposure could happen if you have a Search Head cluster and you configure the Splunk Enterprise `SHCConfig` log channel at the DEBUG logging level in the clustered deployment. <br><br>The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives. Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. <br><br>See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities), [Deploy a search head cluster](https://help.splunk.com/en/splunk-enterprise/administer/distributed-search/9.4/deploy-search-head-clustering/deploy-a-search-head-cluster), [Deploy secure passwords across multiple servers](https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/9.4/install-splunk-enterprise-securely/deploy-secure-passwords-across-multiple-servers) and [Set a security key for the search head cluster](https://help.splunk.com/splunk-enterprise/administer/distributed-search/9.4/configure-search-head-clustering/set-a-security-key-for-the-search-head-cluster#id_2c54937a_736c_47b5_9485_67e9e390acfa__Set_a_security_key_for_the_search_head_cluster) for more information.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 9.4 < 9.4.3 Version: 9.3 < 9.3.5 Version: 9.2 < 9.2.7 Version: 9.1 < 9.1.10 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20325",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T13:31:42.379482Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T13:31:51.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "9.4.3",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.5",
"status": "affected",
"version": "9.3",
"versionType": "custom"
},
{
"lessThan": "9.2.7",
"status": "affected",
"version": "9.2",
"versionType": "custom"
},
{
"lessThan": "9.1.10",
"status": "affected",
"version": "9.1",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "9.3.2411.103",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
},
{
"lessThan": "9.3.2408.113",
"status": "affected",
"version": "9.3.2408",
"versionType": "custom"
},
{
"lessThan": "9.2.2406.119",
"status": "affected",
"version": "9.2.2406",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-07-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119, the software potentially exposes the search head cluster [splunk.secret](https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/9.4/install-splunk-enterprise-securely/deploy-secure-passwords-across-multiple-servers) key. This exposure could happen if you have a Search Head cluster and you configure the Splunk Enterprise\u00a0`SHCConfig`\u00a0log channel at the DEBUG logging level in the clustered deployment. \u003cbr\u003e\u003cbr\u003eThe vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives. Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. \u003cbr\u003e\u003cbr\u003eSee [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities), [Deploy a search head cluster](https://help.splunk.com/en/splunk-enterprise/administer/distributed-search/9.4/deploy-search-head-clustering/deploy-a-search-head-cluster), [Deploy secure passwords across multiple servers](https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/9.4/install-splunk-enterprise-securely/deploy-secure-passwords-across-multiple-servers) and [Set a security key for the search head cluster](https://help.splunk.com/splunk-enterprise/administer/distributed-search/9.4/configure-search-head-clustering/set-a-security-key-for-the-search-head-cluster#id_2c54937a_736c_47b5_9485_67e9e390acfa__Set_a_security_key_for_the_search_head_cluster) for more information."
}
],
"value": "In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119, the software potentially exposes the search head cluster [splunk.secret](https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/9.4/install-splunk-enterprise-securely/deploy-secure-passwords-across-multiple-servers) key. This exposure could happen if you have a Search Head cluster and you configure the Splunk Enterprise\u00a0`SHCConfig`\u00a0log channel at the DEBUG logging level in the clustered deployment. \u003cbr\u003e\u003cbr\u003eThe vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives. Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. \u003cbr\u003e\u003cbr\u003eSee [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities), [Deploy a search head cluster](https://help.splunk.com/en/splunk-enterprise/administer/distributed-search/9.4/deploy-search-head-clustering/deploy-a-search-head-cluster), [Deploy secure passwords across multiple servers](https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/9.4/install-splunk-enterprise-securely/deploy-secure-passwords-across-multiple-servers) and [Set a security key for the search head cluster](https://help.splunk.com/splunk-enterprise/administer/distributed-search/9.4/configure-search-head-clustering/set-a-security-key-for-the-search-head-cluster#id_2c54937a_736c_47b5_9485_67e9e390acfa__Set_a_security_key_for_the_search_head_cluster) for more information."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T17:48:02.265Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2025-0709"
}
],
"source": {
"advisory": "SVD-2025-0709"
},
"title": "Sensitive Information Disclosure in the SHCConfig logging channel in Clustered Deployments in Splunk Enterprise"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20325",
"datePublished": "2025-07-07T17:48:02.265Z",
"dateReserved": "2024-10-10T19:15:13.254Z",
"dateUpdated": "2025-07-08T13:31:51.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20300 (GCVE-0-2025-20300)
Vulnerability from cvelistv5
Published
2025-07-07 17:47
Modified
2025-07-08 13:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-863 - The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
Summary
In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.112, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles, and has read-only access to a specific alert, could suppress that alert when it triggers. See [Define alert suppression groups to throttle sets of similar alerts](https://help.splunk.com/en/splunk-enterprise/alert-and-respond/alerting-manual/9.4/manage-alert-trigger-conditions-and-throttling/define-alert-suppression-groups-to-throttle-sets-of-similar-alerts).
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 9.4 < 9.4.2 Version: 9.3 < 9.3.5 Version: 9.2 < 9.2.6 Version: 9.1 < 9.1.9 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20300",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T13:37:31.112880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T13:37:50.544Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "9.4.2",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.5",
"status": "affected",
"version": "9.3",
"versionType": "custom"
},
{
"lessThan": "9.2.6",
"status": "affected",
"version": "9.2",
"versionType": "custom"
},
{
"lessThan": "9.1.9",
"status": "affected",
"version": "9.1",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "9.3.2411.103",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
},
{
"lessThan": "9.3.2408.112",
"status": "affected",
"version": "9.3.2408",
"versionType": "custom"
},
{
"lessThan": "9.2.2406.119",
"status": "affected",
"version": "9.2.2406",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Anton (therceman)"
}
],
"datePublic": "2025-07-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.112, and 9.2.2406.119, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles, and has read-only access to a specific alert, could suppress that alert when it triggers. See [Define alert suppression groups to throttle sets of similar alerts](https://help.splunk.com/en/splunk-enterprise/alert-and-respond/alerting-manual/9.4/manage-alert-trigger-conditions-and-throttling/define-alert-suppression-groups-to-throttle-sets-of-similar-alerts)."
}
],
"value": "In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.112, and 9.2.2406.119, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles, and has read-only access to a specific alert, could suppress that alert when it triggers. See [Define alert suppression groups to throttle sets of similar alerts](https://help.splunk.com/en/splunk-enterprise/alert-and-respond/alerting-manual/9.4/manage-alert-trigger-conditions-and-throttling/define-alert-suppression-groups-to-throttle-sets-of-similar-alerts)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T17:47:58.250Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2025-0708"
}
],
"source": {
"advisory": "SVD-2025-0708"
},
"title": "Improper Access Control Lets Low-Privilege Users Suppress Read-Only Alerts in Splunk Enterprise"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20300",
"datePublished": "2025-07-07T17:47:58.250Z",
"dateReserved": "2024-10-10T19:15:13.252Z",
"dateUpdated": "2025-07-08T13:37:50.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2026-AVI-0281
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Splunk | Splunk AppDynamics Private Synthetic Agent | Splunk AppDynamics Private Synthetic Agent versions 26.1.x antérieures à 26.1.0 | ||
| Splunk | Splunk AppDynamics On-Premises Enterprise Console | Splunk AppDynamics On-Premises Enterprise Console versions 26.1.x antérieures à 26.1.1 | ||
| Splunk | Splunk AppDynamics Database Agent | Splunk AppDynamics Database Agent versions 26.1.x antérieures à 26.1.0 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.0.2503 antérieures à 10.0.2503.12 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.3.2411 antérieures à 9.3.2411.124 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.4.x antérieures à 9.4.9 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 10.2.x antérieures à 10.2.1 | ||
| Splunk | Splunk AppDynamics NodeJS Agent | Splunk AppDynamics NodeJS Agent versions 25.12.x antérieures à 25.12.1 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 10.0.x antérieures à 10.0.4 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.3.x antérieures à 9.3.10 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.1.2507 antérieures à 10.1.2507.17 | ||
| Splunk | Splunk AppDynamics Java Agent | Splunk AppDynamics Java Agent versions 26.1.x antérieures à 26.1.0 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.2.2510 antérieures à 10.2.2510.7 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Splunk AppDynamics Private Synthetic Agent versions 26.1.x ant\u00e9rieures \u00e0 26.1.0",
"product": {
"name": "Splunk AppDynamics Private Synthetic Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics On-Premises Enterprise Console versions 26.1.x ant\u00e9rieures \u00e0 26.1.1",
"product": {
"name": "Splunk AppDynamics On-Premises Enterprise Console",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Database Agent versions 26.1.x ant\u00e9rieures \u00e0 26.1.0",
"product": {
"name": "Splunk AppDynamics Database Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.0.2503 ant\u00e9rieures \u00e0 10.0.2503.12",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.3.2411 ant\u00e9rieures \u00e0 9.3.2411.124",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.4.x ant\u00e9rieures \u00e0 9.4.9",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 10.2.x ant\u00e9rieures \u00e0 10.2.1",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics NodeJS Agent versions 25.12.x ant\u00e9rieures \u00e0 25.12.1",
"product": {
"name": "Splunk AppDynamics NodeJS Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 10.0.x ant\u00e9rieures \u00e0 10.0.4",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.3.x ant\u00e9rieures \u00e0 9.3.10",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.1.2507 ant\u00e9rieures \u00e0 10.1.2507.17",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Java Agent versions 26.1.x ant\u00e9rieures \u00e0 26.1.0",
"product": {
"name": "Splunk AppDynamics Java Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.2.2510 ant\u00e9rieures \u00e0 10.2.2510.7",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"name": "CVE-2018-16864",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16864"
},
{
"name": "CVE-2025-48073",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48073"
},
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2025-11219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11219"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2025-66199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
},
{
"name": "CVE-2025-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53042"
},
{
"name": "CVE-2025-9231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"name": "CVE-2025-1594",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1594"
},
{
"name": "CVE-2025-3887",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3887"
},
{
"name": "CVE-2025-68973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
},
{
"name": "CVE-2025-4574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4574"
},
{
"name": "CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"name": "CVE-2025-10148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10148"
},
{
"name": "CVE-2025-14087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14087"
},
{
"name": "CVE-2025-12433",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12433"
},
{
"name": "CVE-2025-12444",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12444"
},
{
"name": "CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"name": "CVE-2024-38286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38286"
},
{
"name": "CVE-2025-11213",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11213"
},
{
"name": "CVE-2025-8556",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8556"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-12036",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12036"
},
{
"name": "CVE-2012-0871",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0871"
},
{
"name": "CVE-2025-4056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4056"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-53062",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53062"
},
{
"name": "CVE-2025-0518",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0518"
},
{
"name": "CVE-2025-69223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69223"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2025-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
},
{
"name": "CVE-2018-15688",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15688"
},
{
"name": "CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"name": "CVE-2025-12438",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12438"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2023-26464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26464"
},
{
"name": "CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"name": "CVE-2025-24813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
},
{
"name": "CVE-2025-12435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12435"
},
{
"name": "CVE-2025-6075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
},
{
"name": "CVE-2013-4394",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4394"
},
{
"name": "CVE-2019-20386",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20386"
},
{
"name": "CVE-2025-64183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64183"
},
{
"name": "CVE-2025-13226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13226"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2025-47808",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47808"
},
{
"name": "CVE-2021-46877",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46877"
},
{
"name": "CVE-2026-2391",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2391"
},
{
"name": "CVE-2017-18078",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18078"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2025-53905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53905"
},
{
"name": "CVE-2019-17571",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
},
{
"name": "CVE-2025-11207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11207"
},
{
"name": "CVE-2021-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
},
{
"name": "CVE-2025-13223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13223"
},
{
"name": "CVE-2025-12431",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12431"
},
{
"name": "CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2024-58251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58251"
},
{
"name": "CVE-2025-9820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9820"
},
{
"name": "CVE-2024-7246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7246"
},
{
"name": "CVE-2025-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
},
{
"name": "CVE-2026-21226",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21226"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-33202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
},
{
"name": "CVE-2025-12726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12726"
},
{
"name": "CVE-2025-12445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12445"
},
{
"name": "CVE-2025-12437",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12437"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2025-69230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69230"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-14512",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14512"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2026-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2025-0716",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0716"
},
{
"name": "CVE-2025-64718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-12434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12434"
},
{
"name": "CVE-2025-69225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69225"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2025-12439",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12439"
},
{
"name": "CVE-2018-16865",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16865"
},
{
"name": "CVE-2025-14874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14874"
},
{
"name": "CVE-2020-17521",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-17521"
},
{
"name": "CVE-2024-54677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54677"
},
{
"name": "CVE-2025-48072",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48072"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2025-12432",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12432"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2025-10966",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10966"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2026-20165",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20165"
},
{
"name": "CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"name": "CVE-2025-22919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22919"
},
{
"name": "CVE-2024-23672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23672"
},
{
"name": "CVE-2025-69227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69227"
},
{
"name": "CVE-2021-33910",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33910"
},
{
"name": "CVE-2025-69421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2025-48964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48964"
},
{
"name": "CVE-2025-12443",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12443"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2024-56433",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56433"
},
{
"name": "CVE-2023-6602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6602"
},
{
"name": "CVE-2025-11215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11215"
},
{
"name": "CVE-2013-4393",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4393"
},
{
"name": "CVE-2019-3842",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3842"
},
{
"name": "CVE-2025-11205",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11205"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-12725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12725"
},
{
"name": "CVE-2022-23305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23305"
},
{
"name": "CVE-2025-11208",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11208"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2024-8372",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8372"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-56337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56337"
},
{
"name": "CVE-2025-3360",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3360"
},
{
"name": "CVE-2026-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
},
{
"name": "CVE-2025-11756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11756"
},
{
"name": "CVE-2025-59730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59730"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2020-13776",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13776"
},
{
"name": "CVE-2025-13033",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13033"
},
{
"name": "CVE-2022-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23307"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2025-11212",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11212"
},
{
"name": "CVE-2025-12495",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12495"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2025-46394",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46394"
},
{
"name": "CVE-2021-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
},
{
"name": "CVE-2025-12840",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12840"
},
{
"name": "CVE-2025-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2025-11458",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11458"
},
{
"name": "CVE-2020-1712",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1712"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2025-12429",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12429"
},
{
"name": "CVE-2026-20164",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20164"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"name": "CVE-2025-11211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11211"
},
{
"name": "CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-53069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53069"
},
{
"name": "CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"name": "CVE-2023-26118",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26118"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-69228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69228"
},
{
"name": "CVE-2025-59250",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59250"
},
{
"name": "CVE-2025-14104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14104"
},
{
"name": "CVE-2025-53044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53044"
},
{
"name": "CVE-2025-47807",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47807"
},
{
"name": "CVE-2025-47806",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47806"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2025-64182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64182"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2023-6604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6604"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2025-68160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
},
{
"name": "CVE-2022-3821",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3821"
},
{
"name": "CVE-2017-9217",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9217"
},
{
"name": "CVE-2025-60753",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60753"
},
{
"name": "CVE-2025-64181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64181"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2025-12436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12436"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2025-13230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13230"
},
{
"name": "CVE-2013-4327",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4327"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2025-12446",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12446"
},
{
"name": "CVE-2025-13228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13228"
},
{
"name": "CVE-2013-4391",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4391"
},
{
"name": "CVE-2026-20166",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20166"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-12441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12441"
},
{
"name": "CVE-2024-29371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
},
{
"name": "CVE-2025-47183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47183"
},
{
"name": "CVE-2025-13601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13601"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2023-6601",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6601"
},
{
"name": "CVE-2018-16888",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16888"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-69226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69226"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2025-13224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13224"
},
{
"name": "CVE-2025-13042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13042"
},
{
"name": "CVE-2024-34750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34750"
},
{
"name": "CVE-2025-11460",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11460"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"name": "CVE-2025-13229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13229"
},
{
"name": "CVE-2024-24549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24549"
},
{
"name": "CVE-2025-12440",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12440"
},
{
"name": "CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"name": "CVE-2025-53054",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53054"
},
{
"name": "CVE-2025-11216",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11216"
},
{
"name": "CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"name": "CVE-2018-1049",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1049"
},
{
"name": "CVE-2025-69418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
},
{
"name": "CVE-2025-8114",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8114"
},
{
"name": "CVE-2025-15468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"name": "CVE-2025-11210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11210"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2022-31159",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31159"
},
{
"name": "CVE-2025-12729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12729"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2025-13227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13227"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2025-10256",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10256"
},
{
"name": "CVE-2026-20162",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20162"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-12839",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12839"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2025-37727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37727"
},
{
"name": "CVE-2025-53040",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53040"
},
{
"name": "CVE-2019-3844",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3844"
},
{
"name": "CVE-2025-53906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53906"
},
{
"name": "CVE-2025-12728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12728"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2023-6605",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6605"
},
{
"name": "CVE-2025-8885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
},
{
"name": "CVE-2022-23302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23302"
},
{
"name": "CVE-2025-12430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12430"
},
{
"name": "CVE-2025-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
},
{
"name": "CVE-2025-11206",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11206"
},
{
"name": "CVE-2025-62408",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62408"
},
{
"name": "CVE-2018-15686",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15686"
},
{
"name": "CVE-2021-35938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
},
{
"name": "CVE-2025-9951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9951"
},
{
"name": "CVE-2025-53045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53045"
},
{
"name": "CVE-2024-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"name": "CVE-2025-59729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59729"
},
{
"name": "CVE-2025-48071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48071"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2023-26604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26604"
},
{
"name": "CVE-2025-69224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69224"
},
{
"name": "CVE-2025-2759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2759"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2025-53053",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53053"
},
{
"name": "CVE-2025-30153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30153"
},
{
"name": "CVE-2025-59419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59419"
},
{
"name": "CVE-2025-69229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69229"
},
{
"name": "CVE-2024-8373",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8373"
},
{
"name": "CVE-2025-11209",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11209"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2024-21490",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21490"
},
{
"name": "CVE-2024-50379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
},
{
"name": "CVE-2023-49501",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49501"
},
{
"name": "CVE-2019-3843",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3843"
},
{
"name": "CVE-2018-6954",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6954"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2026-26981",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26981"
},
{
"name": "CVE-2025-12447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12447"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2013-4392",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4392"
},
{
"name": "CVE-2025-48074",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48074"
},
{
"name": "CVE-2024-52316",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52316"
},
{
"name": "CVE-2016-7795",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7795"
},
{
"name": "CVE-2025-12727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12727"
},
{
"name": "CVE-2025-69420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
},
{
"name": "CVE-2025-12428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12428"
},
{
"name": "CVE-2026-20163",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20163"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
}
],
"initial_release_date": "2026-03-12T00:00:00",
"last_revision_date": "2026-03-12T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0281",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0302",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0302"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0311",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0311"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0308",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0308"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0309",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0309"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0305",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0305"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0310",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0310"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0304",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0304"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0301",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0301"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0313",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0313"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0306",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0306"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0303",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0303"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0307",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0307"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0312",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0312"
}
]
}
CERTFR-2026-AVI-0188
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.0.x antérieures à 10.0.2503.9 | ||
| Splunk | Universal Forwarder | Splunk Universal Forwarder versions 9.4.x antérieures à 9.4.8 | ||
| Splunk | Universal Forwarder | Splunk Universal Forwarder versions 9.3.x antérieures à 9.3.9 | ||
| Splunk | Universal Forwarder | Splunk Universal Forwarder versions 10.0.x antérieures à 10.0.3 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.3.x antérieures à 9.3.9 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 10.0.x antérieures à 10.0.3 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.4.x antérieures à 9.4.8 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.2.x antérieures à 9.2.12 | ||
| Splunk | Splunk DB Connect | Splunk DB Connect versions 4.2.x antérieures à 4.2.0 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.1.2507 antérieures à 10.1.2507.11 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.0.2503 antérieures à 10.0.2503.9 | ||
| Splunk | Universal Forwarder | Splunk Universal Forwarder versions 9.2.x antérieures à 9.2.12 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.2.2510 antérieures à 10.2.2510.3 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.3.2411 antérieures à 9.3.2411.121 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Splunk Cloud Platform versions 10.0.x ant\u00e9rieures \u00e0 10.0.2503.9",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Universal Forwarder versions 9.4.x ant\u00e9rieures \u00e0 9.4.8",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Universal Forwarder versions 9.3.x ant\u00e9rieures \u00e0 9.3.9",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Universal Forwarder versions 10.0.x ant\u00e9rieures \u00e0 10.0.3",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.3.x ant\u00e9rieures \u00e0 9.3.9",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 10.0.x ant\u00e9rieures \u00e0 10.0.3",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.4.x ant\u00e9rieures \u00e0 9.4.8",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.2.x ant\u00e9rieures \u00e0 9.2.12",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk DB Connect versions 4.2.x ant\u00e9rieures \u00e0 4.2.0",
"product": {
"name": "Splunk DB Connect",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.1.2507 ant\u00e9rieures \u00e0 10.1.2507.11",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.0.2503 ant\u00e9rieures \u00e0 10.0.2503.9",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Universal Forwarder versions 9.2.x ant\u00e9rieures \u00e0 9.2.12",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.2.2510 ant\u00e9rieures \u00e0 10.2.2510.3",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.3.2411 ant\u00e9rieures \u00e0 9.3.2411.121",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2026-20140",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20140"
},
{
"name": "CVE-2025-53643",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53643"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2026-20139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20139"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2025-27210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2026-20138",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20138"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2026-20144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20144"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2026-20143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20143"
},
{
"name": "CVE-2025-23166",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23166"
},
{
"name": "CVE-2026-20141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20141"
},
{
"name": "CVE-2026-20142",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20142"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2026-20137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20137"
}
],
"initial_release_date": "2026-02-19T00:00:00",
"last_revision_date": "2026-02-19T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0188",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": "2026-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0210",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0210"
},
{
"published_at": "2026-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0206",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0206"
},
{
"published_at": "2026-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0204",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0204"
},
{
"published_at": "2026-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0211",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0211"
},
{
"published_at": "2026-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0202",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0202"
},
{
"published_at": "2026-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0205",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0205"
},
{
"published_at": "2026-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0203",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0203"
},
{
"published_at": "2026-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0207",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0207"
},
{
"published_at": "2026-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0209",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0209"
},
{
"published_at": "2026-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0208",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0208"
},
{
"published_at": "2026-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0212",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0212"
}
]
}
CERTFR-2025-AVI-0838
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.3.2411 antérieures à 9.3.2411.109 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.2.2406 antérieures à 9.2.2406.123 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.3.2408 antérieures à 9.3.2408.119 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 10.0.x antérieures à 10.0.1 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise Cloud versions 9.2.2406 antérieures à 9.2.2406.123 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 10.0.x antérieures à 10.0.0 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.2.x antérieures à 9.2.8 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.4.x antérieures à 9.4.4 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.3.x antérieures à 9.3.6 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise Cloud versions 9.3.2411 antérieures à 9.3.2411.108 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise Cloud versions 9.3.2408 antérieures à 9.3.2408.118 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.3.2411 antérieures à 9.3.2411.111 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Splunk Cloud Platform versions 9.3.2411 ant\u00e9rieures \u00e0 9.3.2411.109",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.2.2406 ant\u00e9rieures \u00e0 9.2.2406.123",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.3.2408 ant\u00e9rieures \u00e0 9.3.2408.119",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 10.0.x ant\u00e9rieures \u00e0 10.0.1",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise Cloud versions 9.2.2406 ant\u00e9rieures \u00e0 9.2.2406.123",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 10.0.x ant\u00e9rieures \u00e0 10.0.0",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.2.x ant\u00e9rieures \u00e0 9.2.8",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.4.x ant\u00e9rieures \u00e0 9.4.4",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.3.x ant\u00e9rieures \u00e0 9.3.6",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise Cloud versions 9.3.2411 ant\u00e9rieures \u00e0 9.3.2411.108",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise Cloud versions 9.3.2408 ant\u00e9rieures \u00e0 9.3.2408.118",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.3.2411 ant\u00e9rieures \u00e0 9.3.2411.111",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2015-5237",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5237"
},
{
"name": "CVE-2025-20367",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20367"
},
{
"name": "CVE-2024-7553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7553"
},
{
"name": "CVE-2025-20366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20366"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"name": "CVE-2025-20370",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20370"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2025-20369",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20369"
},
{
"name": "CVE-2025-5025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5025"
},
{
"name": "CVE-2024-1351",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1351"
},
{
"name": "CVE-2025-20371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20371"
},
{
"name": "CVE-2025-20368",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20368"
},
{
"name": "CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"name": "CVE-2025-4947",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4947"
},
{
"name": "CVE-2025-0725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
},
{
"name": "CVE-2025-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
}
],
"initial_release_date": "2025-10-02T00:00:00",
"last_revision_date": "2025-10-02T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0838",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": "2025-10-01",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1006",
"url": "https://advisory.splunk.com/advisories/SVD-2025-1006"
},
{
"published_at": "2025-10-01",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1005",
"url": "https://advisory.splunk.com/advisories/SVD-2025-1005"
},
{
"published_at": "2025-10-01",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1002",
"url": "https://advisory.splunk.com/advisories/SVD-2025-1002"
},
{
"published_at": "2025-10-01",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1004",
"url": "https://advisory.splunk.com/advisories/SVD-2025-1004"
},
{
"published_at": "2025-10-01",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1007",
"url": "https://advisory.splunk.com/advisories/SVD-2025-1007"
},
{
"published_at": "2025-10-01",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1003",
"url": "https://advisory.splunk.com/advisories/SVD-2025-1003"
},
{
"published_at": "2025-10-01",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1001",
"url": "https://advisory.splunk.com/advisories/SVD-2025-1001"
}
]
}
CERTFR-2025-AVI-0473
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.3.2411.x antérieures à 9.3.2411.102 | ||
| Splunk | Universal Forwarder | Universal Forwarder versions 9.3.x antérieures à 9.3.4 | ||
| Splunk | Universal Forwarder | Universal Forwarder versions 9.2.x antérieures à 9.2.6 | ||
| Splunk | Universal Forwarder | Universal Forwarder versions 9.4.x antérieures à 9.4.2 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.1.x antérieures à 9.1.9 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.3.2408.x antérieures à 9.3.2408.111 | ||
| Splunk | Universal Forwarder | Universal Forwarder versions 9.1.x antérieures à 9.1.9 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.4.x antérieures à 9.4.2 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.3.2406.x antérieures à 9.3.2406.118 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.2.x antérieures à 9.2.6 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.3.x antérieures à 9.3.4 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Splunk Cloud Platform versions 9.3.2411.x ant\u00e9rieures \u00e0 9.3.2411.102",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Universal Forwarder versions 9.3.x ant\u00e9rieures \u00e0 9.3.4",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Universal Forwarder versions 9.2.x ant\u00e9rieures \u00e0 9.2.6",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Universal Forwarder versions 9.4.x ant\u00e9rieures \u00e0 9.4.2",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.1.x ant\u00e9rieures \u00e0 9.1.9",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.3.2408.x ant\u00e9rieures \u00e0 9.3.2408.111",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Universal Forwarder versions 9.1.x ant\u00e9rieures \u00e0 9.1.9",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.4.x ant\u00e9rieures \u00e0 9.4.2",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.3.2406.x ant\u00e9rieures \u00e0 9.3.2406.118",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.2.x ant\u00e9rieures \u00e0 9.2.6",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.3.x ant\u00e9rieures \u00e0 9.3.4",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2024-53259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53259"
},
{
"name": "CVE-2025-20298",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20298"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2024-35255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35255"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2024-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2022-31159",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31159"
},
{
"name": "CVE-2025-20297",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20297"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
}
],
"initial_release_date": "2025-06-03T00:00:00",
"last_revision_date": "2025-06-03T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0473",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": "2025-06-02",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0602",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0602"
},
{
"published_at": "2025-06-02",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0603",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0603"
},
{
"published_at": "2025-06-02",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0601",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0601"
},
{
"published_at": "2025-06-02",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0604",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0604"
}
]
}