
Splunk Product Security


Splunk Protects

Learn how Splunk keeps your data secure and private in its offerings and how it deploys Security by Design, particularly in hosted services.

Splunk Data Security and Privacy

Report a Security Vulnerability

If you're a professional security researcher who discovered a vulnerability in a Splunk Product or Service, submit your findings to us:

Security Vulnerability Submission Portal

Critical Security Alerts, Quarterly Security Patches, and Third-Party Bulletins

This page lists announcements of security fixes made in Critical Security Alerts, Quarterly Security Patch Updates, and Third-Party Bulletins.

Critical Security Alerts

Splunk will publish out-of-band advisories for vulnerabilities that are time-sensitive as soon as possible.

Quarterly Security Patch Updates

Security Updates are collections of security fixes for supported versions of Splunk products. We plan to create Security Patch Updates and make them available through scheduled cloud releases or on-premises maintenance releases for supported versions of Splunk products at the time of the quarterly advisory disclosure. When patches cannot be backported due to technical feasibility or otherwise, we will publish mitigation and additional compensating control guidance.

Security Patch Updates are typically published on the first Tuesday of Splunk’s fiscal quarter. The next three planned dates are:

  • February 7, 2023
  • May 2, 2023
  • August 1, 2023

| SVD | Date | Title | Severity | CVE |
|---|---|---|---|---|
| SVD-2022-1112 | November 2, 2022 | Indexing blockage via malformed data sent through S2S or HEC protocols in Splunk Enterprise | High | CVE-2022-43572 |
| SVD-2022-1111 | November 2, 2022 | Remote Code Execution through dashboard PDF generation component in Splunk Enterprise | High | CVE-2022-43571 |
| SVD-2022-1110 | November 2, 2022 | XML External Entity Injection through a custom View in Splunk Enterprise | High | CVE-2022-43570 |
| SVD-2022-1109 | November 2, 2022 | Persistent Cross-Site Scripting via a Data Model object name in Splunk Enterprise | High | CVE-2022-43569 |
| SVD-2022-1108 | November 2, 2022 | Reflected Cross-Site Scripting via the radio template in Splunk Enterprise | High | CVE-2022-43568 |
| SVD-2022-1107 | November 2, 2022 | Remote Code Execution via the Splunk Secure Gateway application Mobile Alerts feature | High | CVE-2022-43567 |
| SVD-2022-1106 | November 2, 2022 | Risky command safeguards bypass via Search ID query in Analytics Workspace in Splunk Enterprise | High | CVE-2022-43566 |
| SVD-2022-1105 | November 2, 2022 | Risky command safeguards bypass via ‘tstats’ command JSON in Splunk Enterprise | High | CVE-2022-43565 |
| SVD-2022-1104 | November 2, 2022 | Denial of Service in Splunk Enterprise through search macros | Medium | CVE-2022-43564 |
| SVD-2022-1103 | November 2, 2022 | Risky command safeguards bypass via ‘rex’ search command field names in Splunk Enterprise | High | CVE-2022-43563 |
| SVD-2022-1102 | November 2, 2022 | Host Header Injection in Splunk Enterprise | Low | CVE-2022-43562 |
| SVD-2022-1101 | November 2, 2022 | Persistent Cross-Site Scripting in “Save Table” Dialog in Splunk Enterprise | Medium | CVE-2022-43561 |
| SVD-2022-0803 | August 16, 2022 | Malformed ZIP file crash via file monitoring input | Medium | CVE-2022-37439 |
| SVD-2022-0802 | August 16, 2022 | Information disclosure via the dashboard drilldown | Low | CVE-2022-37438 |
| SVD-2022-0801 | August 16, 2022 | Ingest Actions UI disabled TLS certificate validation | High | CVE-2022-37437 |
| SVD-2022-0507 | May 3, 2022 | Error message discloses internal path | Medium | CVE-2022-26070 |
| SVD-2022-0506 | May 3, 2022 | Path Traversal in search parameter | High | CVE-2022-26889 |
| SVD-2022-0505 | May 3, 2022 | Reflected XSS in a query parameter | High | CVE-2022-27183 |
| SVD-2022-0504 | May 3, 2022 | Bypass of DUO MFA | High | CVE-2021-26253 |
| SVD-2022-0503 | May 3, 2022 | S2S TcpToken authentication bypass | High | CVE-2021-31559 |
| SVD-2022-0502 | May 3, 2022 | Username enumeration | Medium | CVE-2021-33845 |
| SVD-2022-0501 | May 3, 2022 | Local privilege escalation in Splunk Enterprise Windows | High | CVE-2021-42743 |

For archived security announcements, go to the Security Announcements Archive.

Third-Party Bulletins

Third-Party Bulletins announce security patches for third-party software. Splunk publishes Third-Party Bulletins on the same day as Critical Security Alerts or Quarterly Security Patch Updates.

Policy on information provided in Critical Security Alerts and Security Patch Updates

Splunk continuously monitors for vulnerabilities discovered through scans, offensive exercises, and employees, or reported externally by vendors or researchers. Splunk follows industry best practices to discover and remediate vulnerabilities. To report a security vulnerability, please submit it through the Security Vulnerability Submission Portal.

Splunk will not provide additional information about the specifics of vulnerabilities beyond what is provided in the Critical Security Alert or the Security Patch Update. Splunk does not distribute active exploit code (i.e., proof-of-concept code) for vulnerabilities in our products.


Applicability of Critical Security Alerts and Quarterly Security Updates

The Splunk teams regularly evaluate Critical Security Alerts, Quarterly Security Patch Updates, and Third-Party Bulletins as they become available and apply the relevant patches in accordance with applicable change management processes.

Customers requiring additional information that is not addressed in the Critical Patch Update Advisory may obtain information by going to the Support Portal and submitting a New Case.