The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Splunk Enterprise

computer vulnerability announcement CVE-2019-5727

Splunk Enterprise: Cross Site Scripting via Splunk Web

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Splunk Web of Splunk Enterprise, in order to run JavaScript code in the context of the web site.
Impacted products: Splunk Enterprise.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 20/02/2019.
Identifiers: CVE-2019-5727, SP-CAAAQAF, SPL-138827, VIGILANCE-VUL-28557.

Description of the vulnerability

The Splunk Enterprise product offers a web service.

However, it does not filter data received via Splunk Web before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Splunk Web of Splunk Enterprise, in order to run JavaScript code in the context of the web site.

vulnerability note CVE-2018-7431

Splunk Enterprise: directory traversal via Django App

Synthesis of the vulnerability

An attacker can traverse directories via Django App of Splunk Enterprise, in order to read a file outside the service root path.
Impacted products: Splunk Enterprise.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 18/10/2018.
Identifiers: CVE-2018-7431, SP-CAAAP5T, VIGILANCE-VUL-27584.

Description of the vulnerability

An attacker can traverse directories via Django App of Splunk Enterprise, in order to read a file outside the service root path.

vulnerability bulletin CVE-2018-7432

Splunk Enterprise: denial of service via HTTP Request

Synthesis of the vulnerability

An attacker can generate a fatal error via HTTP Request of Splunk Enterprise, in order to trigger a denial of service.
Impacted products: Splunk Enterprise.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 18/10/2018.
Identifiers: CVE-2018-7432, SP-CAAAP2K, SP-CAAAP5T, SPL-135650, VIGILANCE-VUL-27583.

Description of the vulnerability

An attacker can generate a fatal error via HTTP Request of Splunk Enterprise, in order to trigger a denial of service.

vulnerability announcement CVE-2018-7427

Splunk Enterprise: Cross Site Scripting via Splunk Web

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Splunk Web of Splunk Enterprise, in order to run JavaScript code in the context of the web site.
Impacted products: Splunk Enterprise.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 18/10/2018.
Identifiers: CVE-2018-7427, SP-CAAAP2K, SP-CAAAP5T, SPL-135650, VIGILANCE-VUL-27582.

Description of the vulnerability

The Splunk Enterprise product offers a web service.

However, it does not filter data received via Splunk Web before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Splunk Web of Splunk Enterprise, in order to run JavaScript code in the context of the web site.

computer vulnerability note CVE-2018-11409

Splunk: information disclosure via __raw

Synthesis of the vulnerability

An authenticated attacker can use a vulnerability via __raw of Splunk, in order to obtain sensitive information.
Impacted products: Splunk Enterprise.
Severity: 2/4.
Consequences: data reading.
Provenance: user account.
Creation date: 11/06/2018.
Revision date: 19/06/2018.
Identifiers: CVE-2018-11409, SP-CAAAP5E, VIGILANCE-VUL-26369.

Description of the vulnerability

The Splunk product offers a REST service.

However, an authenticated attacker can use a __raw URL to access some information about the system installation.

An authenticated attacker can therefore use a vulnerability via __raw of Splunk, in order to obtain sensitive information.

vulnerability CVE-2017-17067

Splunk Enterprise: privilege escalation via SAML

Synthesis of the vulnerability

An attacker can bypass restrictions via SAML of Splunk Enterprise, in order to escalate his privileges.
Impacted products: Splunk Enterprise.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user account.
Creation date: 15/11/2017.
Identifiers: CVE-2017-17067, SP-CAAAP3K, VIGILANCE-VUL-24450.

Description of the vulnerability

An attacker can bypass restrictions via SAML of Splunk Enterprise, in order to escalate his privileges.

vulnerability bulletin 24273

Splunk Enterprise: privilege escalation via Non-root User Configuration

Synthesis of the vulnerability

An attacker can bypass restrictions via Non-root User Configuration of Splunk Enterprise, in order to escalate his privileges.
Impacted products: Splunk Enterprise.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Creation date: 30/10/2017.
Identifiers: KL-001-2017-022, SP-CAAAP3M, SPL-144192, VIGILANCE-VUL-24273.

Description of the vulnerability

An attacker can bypass restrictions via Non-root User Configuration of Splunk Enterprise, in order to escalate his privileges.

computer vulnerability 23545

Splunk Enterprise: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Splunk Enterprise, in order to run JavaScript code in the context of the web site.
Impacted products: Splunk Enterprise.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 16/08/2017.
Identifiers: SP-CAAAP3H, SPL-142874, SPL-142877, VIGILANCE-VUL-23545.

Description of the vulnerability

The Splunk Enterprise product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Splunk Enterprise, in order to run JavaScript code in the context of the web site.

computer vulnerability announcement 22517

Splunk Enterprise: three Cross Site Scripting via Splunk Web

Synthesis of the vulnerability

An attacker can trigger three Cross Site Scripting vulnerabilities via Splunk Web of Splunk Enterprise, in order to run JavaScript code in the context of the web site.
Impacted products: Splunk Enterprise.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 20/04/2017.
Identifiers: SP-CAAAP2K, SPL-135650, VIGILANCE-VUL-22517.

Description of the vulnerability

The Splunk Enterprise product offers a web service.

However, it does not filter data received via Splunk Web before inserting it into generated HTML documents.

An attacker can therefore trigger three Cross Site Scripting vulnerabilities via Splunk Web of Splunk Enterprise, in order to run JavaScript code in the context of the web site.

vulnerability bulletin 22293

Splunk Enterprise: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Splunk Enterprise, in order to run JavaScript code in the context of the web site.
Impacted products: Splunk Enterprise.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 31/03/2017.
Identifiers: SP-CAAAPZ3, SPL-134841, VIGILANCE-VUL-22293.

Description of the vulnerability

The Splunk Enterprise product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Splunk Enterprise, in order to run JavaScript code in the context of the web site.