Splunk Archives | InfoSec Industry

Splunk Enterprise and Splunk Light address one vulnerability

Splunk February 14, 2019

Description Splunk Enterprise and Splunk Light address one vulnerability Persistent Cross Site Scripting in Splunk Web (SPL-138827, CVE-2019-5727) At the time of this announcement, Splunk is not aware of any...

Splunk-Python-SDK address one vulnerability

Splunk January 11, 2019

Description Splunk-Python-SDK address one vulnerability Untrusted TLS server certs verification is not present (CVE-2019-5729) At the time of this announcement, Splunk is not aware of any cases where these vulnerabilities...

Splunk Enterprise and Splunk Light address multiple vulnerabilities

Splunk September 7, 2018

Description Splunk Enterprise and Splunk Light address multiple vulnerabilities Cross Site Scripting in Splunk Web (CVE-2018-7427) Denial of Service (CVE-2018-7432) Path Traversal Vulnerability...

Splunk response to CVE-2018-11409: Information Exposure

Splunk June 14, 2018

Description Splunk has completed a review of CVE-2018-11409: Information Exposure. Splunk Enterprise exposes system information through a REST endpoint as described by the vulnerability descriptions. Information Exposure in Splunk Enterprise ...

Splunk response to CVE-2018-11409: Information Disclosure

Splunk June 14, 2018

Description Splunk has completed a review of CVE-2018-11409: Information Disclosure. Splunk Enterprise versions before 6.6.0 expose partial information about the host operating system, hardware and Splunk license over an unauthenticated REST endpoint. Splunk Enterprise 6.6.0 and later expose partial...

Splunk response to Potential Local Privilege Escalation through instructions to run Splunk as non-root user

Splunk October 20, 2017

Description Splunk response to Potential Local Privilege Escalation through instructions to run Splunk as non-root user Potential Local Privilege Escalation through instructions to run Splunk as non-root user (SPL-144192) ...

Splunk Enterprise 7.0.0.1/7.0.1, 6.6.3.2/6.6.4, 6.5.6, 6.4.9 and 6.3.12 address multiple SAML vulnerabilities

Splunk September 18, 2017

Description Splunk Enterprise 7.0.0.1/7.0.1, 6.6.3.2/6.6.4, 6.5.6, 6.4.9 and 6.3.12 address multiple SAML vulnerabilities. Multiple SAML implementation vulnerabilities in Splunk Enterprise (CVE-2017-17067) ...

Splunk Enterprise 6.6.3 and Splunk Light 6.6.3 address multiple vulnerabilities

Splunk August 9, 2017

Description Splunk Enterprise 6.6.3 and Splunk Light 6.6.3 address multiple vulnerabilities Persistent Cross Site Scripting in Splunk Web (SPL-142874) Reflected Cross Site Scripting in Splunk Web (SPL-142877) At the time of...

Splunk Enterprise 6.3.11 and Splunk Light 6.5.3 address one vulnerability

Splunk May 23, 2017

Description Splunk Enterprise 6.3.11 and Splunk Light 6.5.3 address one vulnerability Attacker Influenced Error Messages May Permit Social Engineering (SPL-135602) At the time of this announcement, Splunk is not aware...

Splunk Enterprise 6.4.7 and Splunk Light 6.5.3 address multiple vulnerabilities

Splunk April 13, 2017

Description Splunk Enterprise 6.4.7 and Splunk Light 6.5.3 address multiple vulnerabilities Cross Site Scripting in Splunk Web (SPL-135650) Cross Site Scripting in Splunk Web (SPL-137327) Cross Site Scripting in Splunk Web (SPL-135341) ...