- How many CVEs does Splunk have?
- Splunk has 287 published CVE records since 2010, including 71 in the last two years.
- How many Splunk CVEs are in CISA KEV?
- Yes — 2 of Splunk's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which Splunk products have the most CVEs?
- The Splunk products with the most published CVEs are splunk, Splunk Enterprise, Splunk Cloud Platform, Universal Forwarder, Splunk Cloud.
- What are the most common weakness types in Splunk CVEs?
- Splunk's CVEs most often map to these CWE weakness types: CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), CWE-20 (Improper Input Validation), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-284 (Improper Access Control).
- Are there public exploits for Splunk vulnerabilities?
- Yes — 55 of Splunk's CVEs have a known public exploit.
- How many critical Splunk vulnerabilities are there?
- Splunk has 18 critical and 109 high-severity CVEs.
- What is the average severity of Splunk CVEs?
- The average CVSS base score across Splunk's scored CVEs is 6.6.