The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Splunk Enterprise

vulnerability note CVE-2018-7431

Splunk Enterprise: directory traversal via Django App

Synthesis of the vulnerability

Impacted products: Splunk Enterprise.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 18/10/2018.
Identifiers: CVE-2018-7431, SP-CAAAP5T, VIGILANCE-VUL-27584.

Description of the vulnerability

An attacker can traverse directories via Django App of Splunk Enterprise, in order to read a file outside the service root path.

vulnerability bulletin CVE-2018-7432

Splunk Enterprise: denial of service via HTTP Request

Synthesis of the vulnerability

Impacted products: Splunk Enterprise.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 18/10/2018.
Identifiers: CVE-2018-7432, SP-CAAAP2K, SP-CAAAP5T, SPL-135650, VIGILANCE-VUL-27583.

Description of the vulnerability

An attacker can generate a fatal error via HTTP Request of Splunk Enterprise, in order to trigger a denial of service.

vulnerability announcement CVE-2018-7427

Splunk Enterprise: Cross Site Scripting via Splunk Web

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Splunk Web of Splunk Enterprise, in order to run JavaScript code in the context of the web site.
Impacted products: Splunk Enterprise.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 18/10/2018.
Identifiers: CVE-2018-7427, SP-CAAAP2K, SP-CAAAP5T, SPL-135650, VIGILANCE-VUL-27582.

Description of the vulnerability

The Splunk Enterprise product offers a web service.

However, it does not filter received data via Splunk Web before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Splunk Web of Splunk Enterprise, in order to run JavaScript code in the context of the web site.

computer vulnerability note CVE-2018-11409

Splunk: information disclosure via __raw

Synthesis of the vulnerability

An authenticated attacker can use a vulnerability via __raw of Splunk, in order to obtain sensitive information.
Impacted products: Splunk Enterprise.
Severity: 2/4.
Consequences: data reading.
Provenance: user account.
Confidence: confirmed by the editor (5/5).
Creation date: 11/06/2018.
Revision date: 19/06/2018.
Identifiers: CVE-2018-11409, SP-CAAAP5E, VIGILANCE-VUL-26369.

Description of the vulnerability

The Splunk product offers a REST service.

However, an authenticated attacker can use a __raw URL to access some information about the system installation.

An authenticated attacker can therefore use a vulnerability via __raw of Splunk, in order to obtain sensitive information.

vulnerability CVE-2017-17067

Splunk Enterprise: privilege escalation via SAML

Synthesis of the vulnerability

Impacted products: Splunk Enterprise.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user account.
Confidence: confirmed by the editor (5/5).
Creation date: 15/11/2017.
Identifiers: CVE-2017-17067, SP-CAAAP3K, VIGILANCE-VUL-24450.

Description of the vulnerability

An attacker can bypass restrictions via SAML of Splunk Enterprise, in order to escalate his privileges.

vulnerability bulletin 24273

Splunk Enterprise: privilege escalation via Non-root User Configuration

Synthesis of the vulnerability

Impacted products: Splunk Enterprise.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Confidence: confirmed by the editor (5/5).
Creation date: 30/10/2017.
Identifiers: KL-001-2017-022, SP-CAAAP3M, SPL-144192, VIGILANCE-VUL-24273.

Description of the vulnerability

An attacker can bypass restrictions via Non-root User Configuration of Splunk Enterprise, in order to escalate his privileges.

computer vulnerability 23545

Splunk Enterprise: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Splunk Enterprise, in order to run JavaScript code in the context of the web site.
Impacted products: Splunk Enterprise.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 16/08/2017.
Identifiers: SP-CAAAP3H, SPL-142874, SPL-142877, VIGILANCE-VUL-23545.

Description of the vulnerability

The Splunk Enterprise product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Splunk Enterprise, in order to run JavaScript code in the context of the web site.

computer vulnerability announcement 22517

Splunk Enterprise: three Cross Site Scripting via Splunk Web

Synthesis of the vulnerability

An attacker can trigger three Cross Site Scripting via Splunk Web of Splunk Enterprise, in order to run JavaScript code in the context of the web site.
Impacted products: Splunk Enterprise.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 20/04/2017.
Identifiers: SP-CAAAP2K, SPL-135650, VIGILANCE-VUL-22517.

Description of the vulnerability

The Splunk Enterprise product offers a web service.

However, it does not filter received data via Splunk Web before inserting them in generated HTML documents.

An attacker can therefore trigger three Cross Site Scripting via Splunk Web of Splunk Enterprise, in order to run JavaScript code in the context of the web site.

vulnerability bulletin 22293

Splunk Enterprise: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Splunk Enterprise, in order to run JavaScript code in the context of the web site.
Impacted products: Splunk Enterprise.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 31/03/2017.
Identifiers: SP-CAAAPZ3, SPL-134841, VIGILANCE-VUL-22293.

Description of the vulnerability

The Splunk Enterprise product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Splunk Enterprise, in order to run JavaScript code in the context of the web site.

vulnerability announcement CVE-2017-5607

Splunk Enterprise: information disclosure via JSON

Synthesis of the vulnerability

Impacted products: Splunk Enterprise.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 31/03/2017.
Identifiers: CVE-2017-5607, SP-CAAAPZ3, SPL-134841, VIGILANCE-VUL-22292.

Description of the vulnerability

An attacker can bypass access restrictions to data via JSON of Splunk Enterprise, in order to obtain sensitive information.