目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

Splunk 厂商漏洞列表 / CVE 中文分析 155

Splunk 厂商相关 155 条 CVE 漏洞,含 AI 中文分析、POC、CVSS 评分与受影响产品。

Splunk 是一家专注于大数据分析与机器智能的厂商,其核心产品用于收集、索引并分析机器生成的海量数据,广泛应用于安全监控与运营。历史漏洞多涉及远程代码执行、跨站脚本及权限绕过,部分源于组件依赖。尽管其平台具备强大的日志关联分析能力,但攻击面广泛,需持续强化配置与补丁管理以应对潜在风险。

上位製品 Splunk: Splunk Enterprise Splunk Add-on Builder Splunk App for Lookup File Editing Splunk Enterprise Security (ES) Splunk MCP Server Splunk App for Stream Splunk SOAR (On-premises) Splunk ITSI Splunk App for SOAR Splunk Supporting Add-on for Active Directory Splunk/UniversalForwarder for Windows Splunk Add-on for Palo Alto Networks
CVE IDタイトルCVSS深刻度公開日
CVE-2024-23677 Server Response Disclosure in RapidDiag Salesforce.com Log File — Splunk EnterpriseCWE-532 4.3 Medium2024-01-22
CVE-2024-23675 Splunk App Key Value Store (KV Store) Improper Handling of Permissions Leads to KV Store Collection Deletion — Splunk EnterpriseCWE-284 6.5 Medium2024-01-22
CVE-2024-22164 Denial of Service of an Investigation in Splunk Enterprise Security through Investigation attachments — Splunk Enterprise Security (ES)CWE-400 4.3 Medium2024-01-09
CVE-2024-22165 Denial of Service in Splunk Enterprise Security of the Investigations manager through Investigation creation — Splunk Enterprise Security (ES)CWE-20 6.5 Medium2024-01-09
CVE-2023-46213 Cross-site Scripting (XSS) on “Show Syntax Highlighted” View in Search Page — Splunk EnterpriseCWE-79 4.8 Medium2023-11-16
CVE-2023-46214 Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing — Splunk EnterpriseCWE-91 8.0 High2023-11-16
CVE-2023-40597 Absolute Path Traversal in Splunk Enterprise Using runshellscript.py — Splunk EnterpriseCWE-36 7.8 High2023-08-30
CVE-2023-40596 Splunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definition Reference in DLL — Splunk EnterpriseCWE-665 7.0 High2023-08-30
CVE-2023-40594 Denial of Service (DoS) via the ‘printf’ Search Function — Splunk EnterpriseCWE-400 6.5 Medium2023-08-30
CVE-2023-40593 Denial of Service (DoS) in Splunk Enterprise Using a Malformed SAML Request — Splunk EnterpriseCWE-400 6.3 Medium2023-08-30
CVE-2023-4571 Unauthenticated Log Injection in Splunk IT Service Intelligence (ITSI) — Splunk ITSICWE-117 8.6 High2023-08-30
CVE-2023-40592 Reflected Cross-site Scripting (XSS) on "/app/search/table" web endpoint — Splunk EnterpriseCWE-79 8.4 High2023-08-30
CVE-2023-40595 Remote Code Execution via Serialized Session Payload — Splunk EnterpriseCWE-502 8.8 High2023-08-30
CVE-2023-40598 Command Injection in Splunk Enterprise Using External Lookups — Splunk EnterpriseCWE-77 8.5 High2023-08-30
CVE-2023-3997 Unauthenticated Log Injection In Splunk SOAR — Splunk SOAR (On-premises)CWE-117 8.6 High2023-07-31
CVE-2023-32709 Low-privileged User can View Hashed Default Splunk Password — Splunk EnterpriseCWE-285 4.3 Medium2023-06-01
CVE-2023-32707 ‘edit_user’ Capability Privilege Escalation — Splunk EnterpriseCWE-285 8.8 High2023-06-01
CVE-2023-32714 Path Traversal in Splunk App for Lookup File Editing — Splunk App for Lookup File EditingCWE-35 8.1 High2023-06-01
CVE-2023-32713 Local Privilege Escalation via the ‘streamfwd’ program in Splunk App for Stream — Splunk App for StreamCWE-269 7.8 High2023-06-01
CVE-2023-32712 Unauthenticated Log Injection in Splunk Enterprise — Splunk EnterpriseCWE-117 8.6 High2023-06-01
CVE-2023-32716 Denial of Service via the 'dump' SPL command — Splunk EnterpriseCWE-754 6.5 Medium2023-06-01
CVE-2023-32710 Information Disclosure via the ‘copyresults’ SPL Command — Splunk EnterpriseCWE-200 4.8 Medium2023-06-01
CVE-2023-32717 Role-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results — Splunk EnterpriseCWE-285 4.3 Medium2023-06-01
CVE-2023-32715 Self Cross-Site Scripting (XSS) on Splunk App for Lookup File Editing — Splunk App for Lookup File EditingCWE-79 4.7 Medium2023-06-01
CVE-2023-32706 Denial Of Service due to Untrusted XML Tag in XML Parser within SAML Authentication — Splunk EnterpriseCWE-611 7.7 High2023-06-01
CVE-2023-32711 Persistent Cross-Site Scripting (XSS) through a URL Validation Bypass within a Dashboard View — Splunk EnterpriseCWE-79 5.4 Medium2023-06-01
CVE-2023-32708 HTTP Response Splitting via the ‘rest’ SPL Command — Splunk EnterpriseCWE-113 7.2 High2023-06-01
CVE-2023-22939 SPL Command Safeguards Bypass via the ‘map’ SPL Command in Splunk Enterprise — Splunk EnterpriseCWE-20 8.1 High2023-02-14
CVE-2023-22938 Permissions Validation Failure in the ‘sendemail’ REST API Endpoint in Splunk Enterprise — Splunk EnterpriseCWE-285 4.3 Medium2023-02-14
CVE-2023-22937 Unnecessary File Extensions Allowed by Lookup Table Uploads in Splunk Enterprise — Splunk EnterpriseCWE-20 4.3 Medium2023-02-14

本页汇总了 Splunk 厂商截至目前公开的全部 155 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接,并附带 AI 生成的中文分析以便快速判断风险。