Splunk : Security Vulnerabilities, CVEs, Published In 2010
Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKD_SESSION_KEY parameter.
Max CVSS
4.6
EPSS Score
0.15%
Published
2010-09-14
Updated
2010-09-14
The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack to unknown vectors.
Max CVSS
8.8
EPSS Score
0.14%
Published
2010-09-14
Updated
2024-02-21
Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066.
Max CVSS
6.0
EPSS Score
0.12%
Published
2010-06-28
Updated
2010-06-29
Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) redirects, aka SPL-31067; (2) unspecified "user->user or user->admin" vectors, aka SPL-31084; or (3) unspecified "user input," aka SPL-31085.
Max CVSS
4.3
EPSS Score
0.10%
Published
2010-06-28
Updated
2010-06-29
Multiple directory traversal vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow (1) remote attackers to read arbitrary files, aka SPL-31194; (2) remote authenticated users to modify arbitrary files, aka SPL-31063; or (3) have an unknown impact via redirects, aka SPL-31067.
Max CVSS
7.5
EPSS Score
0.24%
Published
2010-06-28
Updated
2010-06-29
Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a "404 Not Found" response.
Max CVSS
4.3
EPSS Score
0.22%
Published
2010-06-24
Updated
2021-07-23
6 vulnerabilities found