Splunk Enterprise and Splunk Light address one vulnerability
Description
Splunk Enterprise and Splunk Light address one vulnerability
Persistent Cross Site Scripting in Splunk Web (SPL-138827, CVE-2019-5727)
At the time of this announcement, Splunk is not aware of any...
Splunk-Python-SDK address one vulnerability
Description
Splunk-Python-SDK address one vulnerability
Untrusted TLS server certs verification is not present (CVE-2019-5729)
At the time of this announcement, Splunk is not aware of any cases where these vulnerabilities...
Splunk Enterprise and Splunk Light address multiple vulnerabilities
Description
Splunk Enterprise and Splunk Light address multiple vulnerabilities
Cross Site Scripting in Splunk Web (CVE-2018-7427)
Denial of Service (CVE-2018-7432)
Path Traversal Vulnerability...
Splunk response to CVE-2018-11409: Information Exposure
Description
Splunk has completed a review of CVE-2018-11409: Information Exposure. Splunk Enterprise exposes system information through a REST endpoint as described by the vulnerability descriptions.
Information Exposure in Splunk Enterprise
...
Splunk response to CVE-2018-11409: Information Disclosure
Description
Splunk has completed a review of CVE-2018-11409: Information Disclosure.
Splunk Enterprise versions before 6.6.0 expose partial information about the host operating system, hardware and Splunk license over an unauthenticated REST endpoint. Splunk Enterprise 6.6.0 and later expose partial...
Splunk response to Potential Local Privilege Escalation through instructions to run Splunk as non-root user
Description
Splunk response to Potential Local Privilege Escalation through instructions to run Splunk as non-root user
Potential Local Privilege Escalation through instructions to run Splunk as non-root user (SPL-144192)
...
Splunk Enterprise 7.0.0.1/7.0.1, 6.6.3.2/6.6.4, 6.5.6, 6.4.9 and 6.3.12 address multiple SAML vulnerabilities
Description
Splunk Enterprise 7.0.0.1/7.0.1, 6.6.3.2/6.6.4, 6.5.6, 6.4.9 and 6.3.12 address multiple SAML vulnerabilities.
Multiple SAML implementation vulnerabilities in Splunk Enterprise (CVE-2017-17067)
...
Splunk Enterprise 6.6.3 and Splunk Light 6.6.3 address multiple vulnerabilities
Description
Splunk Enterprise 6.6.3 and Splunk Light 6.6.3 address multiple vulnerabilities
Persistent Cross Site Scripting in Splunk Web (SPL-142874)
Reflected Cross Site Scripting in Splunk Web (SPL-142877)
At the time of...
Splunk Enterprise 6.3.11 and Splunk Light 6.5.3 address one vulnerability
Description
Splunk Enterprise 6.3.11 and Splunk Light 6.5.3 address one vulnerability
Attacker Influenced Error Messages May Permit Social Engineering (SPL-135602)
At the time of this announcement, Splunk is not aware...
Splunk Enterprise 6.4.7 and Splunk Light 6.5.3 address multiple vulnerabilities
Description
Splunk Enterprise 6.4.7 and Splunk Light 6.5.3 address multiple vulnerabilities
Cross Site Scripting in Splunk Web (SPL-135650)
Cross Site Scripting in Splunk Web (SPL-137327)
Cross Site Scripting in Splunk Web (SPL-135341)
...