Splunk is helping to build a safer and more resilient digital world by equipping customers with the unified security and observability platform they need to keep their organization securely up and running — no matter what digital disruptions come their way.

Splunk A.I CyberSecurity Scoring

Splunk

Company Details

LinkedIn ID: splunk
Employees number: 9,558
Number of followers: 764,900
NAICS: 5112
Industry Type: Software Development
Homepage: splunk.com
IP Addresses: 0
Company ID: SPL_2582792
Scan Status: In-progress

Splunk Risk Score (AI oriented)

Between 750 and 799

  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score to calculate premiums
Splunk Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Splunk Company CyberSecurity News & History

Past Incidents: 1
Attack Types: 1

Entity: Splunk
Type: Vulnerability
Severity: 100
Impact: 5
Seen: 3/2025
Rankiteo Explanation: Attack threatening the organization’s existence

Description: Splunk has suffered a security incident due to two separate high-severity vulnerabilities. The first vulnerability enables RCE, allowing low-privileged users to execute arbitrary code through malicious file uploads, affecting Splunk Enterprise and Splunk Cloud Platform before certain versions. The second vulnerability affects the Splunk Secure Gateway app, where users can search with higher-privileged permissions, leading to potential unauthorized disclosure of sensitive information. Both issues have been patched, with suggested updates provided to Splunk users to remediate the risk. The security flaws highlight the critical importance of maintaining updated systems and monitoring access control within corporate environments to prevent data breaches and maintain operational integrity.

Underwriter Stats for Splunk

Incidents vs Software Development Industry Average (This Year)

Splunk has 75.44% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Splunk has 28.21% more incidents than the average of all companies with at least one recorded incident.

Incident Types Splunk vs Software Development Industry Avg (This Year)

Splunk reported 1 incident this year: 0 cyber attacks, 0 ransomware, 1 vulnerability, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History — Splunk (X = Date, Y = Severity)

Splunk cyber incidents detection timeline including parent company and subsidiaries

Splunk Similar Companies

Amazon Fulfillment Technologies & Robotics

On the Fulfillment Technologies & Robotics Team, we build dynamic partnerships between people and intelligent machines. This intricate collaboration helps Amazon fulfill orders with unmatched accuracy. Since we began working with robotics, we've added over a million new jobs worldwide. Working in s

PayPal

We're championing possibilities for all by making money fast, easy, and more enjoyable. Our hope is to unlock opportunities for people in their everyday lives and empower the millions of people and businesses around the world who trust, rely, and use PayPal every day. For support, visit the PayPal He

Snowflake

Snowflake is proud to be the Official Data Collaboration Provider for LA28 and Team USA. Snowflake delivers the AI Data Cloud — a global network where thousands of organizations mobilize data with near-unlimited scale, concurrency, and performance. Inside the AI Data Cloud, organizations unite

Cadence

Cadence is a market leader in AI and digital twins, pioneering the application of computational software to accelerate innovation in the engineering design of silicon to systems. Our design solutions, based on Cadence’s Intelligent System Design™ strategy, are essential for the world’s leading semic

ServiceNow

ServiceNow (NYSE: NOW) makes the world work better for everyone. Our cloud-based platform and solutions help digitize and unify organizations so that they can find smarter, faster, better ways to make work flow. So employees and customers can be more connected, more innovative, and more agile. And w

SAP

SAP is the leading enterprise application and business AI company. We stand at the intersection of business and technology, where our innovations are designed to directly address real business challenges and produce real-world impacts. Our solutions are the backbone for the world’s most complex and

Baidu, Inc.

Baidu is a leading AI company with strong Internet foundation, driven by our mission to “make the complicated world simpler through technology”. Founded in 2000 as a search engine platform, we were an early adopter of artificial intelligence in 2010. Since then, we have established a full AI stack,

Autodesk

Autodesk is changing how the world is designed and made. Our technology spans architecture, engineering, construction, product design, manufacturing, and media and entertainment. We empower innovators everywhere to solve challenges, big and small. From greener buildings to smarter products and mo

JD.COM

JD.com, also known as JINGDONG, is a leading e-commerce company transferring to be a technology and service enterprise with supply chain at its core. JD.com’s business has expanded across retail, technology, logistics, health, property development, industrials, and international business. Ranking 44

Splunk CyberSecurity News

December 10, 2025 12:52 PM
Expert Edition: How to tackle complex federal cyber challenges

From CISA to Cisco, Splunk and the ExIm Bank, cybersecurity experts reveal how agencies can secure infrastructure, unify data and build...

December 08, 2025 04:41 PM
Splunk Patches Critical Windows Privilege Escalation Vulnerabilities (CVSS 8.0)

Exposed Permissions: The Splunk Flaw That Could Upend Enterprise Defenses. In the fast-paced world of cybersecurity, where threats evolve as...

December 08, 2025 04:04 PM
New Splunk Windows Flaw Enables Privilege Escalation Attacks

Splunk for Windows has a high-severity flaw that lets local users escalate privileges through misconfigured file permissions.

December 05, 2025 08:28 AM
Splunk Enterprise Vulnerability: CVE-2025-20386 and CVE-2025-20387

Discover Splunk Enterprise vulnerabilities CVE-2025-20386 and CVE-2025-20387. Learn how to secure your system and prevent local security...

December 05, 2025 06:54 AM
Splunk Enterprise Vulnerabilities Allow Privilege Escalation Via Incorrect File Permissions

A high-severity vulnerability has been disclosed in Splunk affecting its Enterprise and Universal Forwarder products for Windows,...

November 20, 2025 08:00 AM
Splunk's Impact in Cybersecurity Gains Repeated Analyst Recognition

PRNewswire/ -- Cisco today announced Splunk's continued position as a leader in the rapidly evolving security information and event...

November 17, 2025 08:00 AM
Detection Techniques for Outlook NotDoor Backdoor Malware Uncovered by Researchers

NotDoor Malware - The Splunk Threat Research Team has shed light on a new malware strain, NotDoor, which leverages Microsoft Outlook.

November 13, 2025 08:00 AM
Cisco security sacked by Splunk sales split

Cisco posted robust operating results for its most recent fiscal quarter, bolstered by strong growth in networking sales and continued heat...

November 13, 2025 08:00 AM
Exclusive: Splunk reveals why only 4% of organisations are cyber ready

Only 4% of organisations are fully cyber ready, according to the 2025 Cisco Cybersecurity Readiness Index, highlighting persistent gaps in...

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Splunk CyberSecurity History Information

Official Website of Splunk

The official website of Splunk is http://www.splunk.com.

Splunk’s AI-Generated Cybersecurity Score

According to Rankiteo, Splunk’s AI-generated cybersecurity score is 787, reflecting their Fair security posture.

How many security badges does Splunk have?

According to Rankiteo, Splunk currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Splunk have SOC 2 Type 1 certification?

According to Rankiteo, Splunk is not certified under SOC 2 Type 1.

Does Splunk have SOC 2 Type 2 certification?

According to Rankiteo, Splunk does not hold a SOC 2 Type 2 certification.

Does Splunk comply with GDPR?

According to Rankiteo, Splunk is not listed as GDPR compliant.

Does Splunk have PCI DSS certification?

According to Rankiteo, Splunk does not currently maintain PCI DSS compliance.

Does Splunk comply with HIPAA?

According to Rankiteo, Splunk is not compliant with HIPAA regulations.

Does Splunk have ISO 27001 certification?

According to Rankiteo, Splunk is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Splunk

Splunk operates primarily in the Software Development industry.

Number of Employees at Splunk

Splunk employs approximately 9,558 people worldwide.

Subsidiaries Owned by Splunk

Splunk presently has no subsidiaries across any sectors.

Splunk’s LinkedIn Followers

Splunk’s official LinkedIn profile has approximately 764,900 followers.

NAICS Classification of Splunk

Splunk is classified under the NAICS code 5112, which corresponds to Software Publishers.

Splunk’s Presence on Crunchbase

No, Splunk does not have a profile on Crunchbase.

Splunk’s Presence on LinkedIn

Yes, Splunk maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement. It can be accessed here: https://www.linkedin.com/company/splunk.

Cybersecurity Incidents Involving Splunk

As of December 18, 2025, Rankiteo reports that Splunk has experienced 1 cybersecurity incident.

Number of Peer and Competitor Companies

Splunk has an estimated 27,810 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Splunk?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability.

How does Splunk detect and respond to cybersecurity incidents?

Detection and Response: The company detects and responds to cybersecurity incidents through remediation measures: patches provided to users and suggested updates to remediate risk.

Incident Details

Can you provide details on each incident?

Incident : Security Vulnerabilities

Title: Splunk Security Incident

Description: Splunk has suffered a security incident due to two separate high-severity vulnerabilities. The first vulnerability enables RCE, allowing low-privileged users to execute arbitrary code through malicious file uploads, affecting Splunk Enterprise and Splunk Cloud Platform before certain versions. The second vulnerability affects the Splunk Secure Gateway app, where users can search with higher-privileged permissions, leading to potential unauthorized disclosure of sensitive information. Both issues have been patched, with suggested updates provided to Splunk users to remediate the risk. The security flaws highlight the critical importance of maintaining updated systems and monitoring access control within corporate environments to prevent data breaches and maintain operational integrity.

Type: Security Vulnerabilities

Attack Vector: Malicious File Uploads, Privilege Escalation

Vulnerability Exploited: Remote Code Execution (RCE), Unauthorized Disclosure of Sensitive Information

What are the most common types of attacks the company has faced?

Common Attack Types: The most common type of attack the company has faced is Vulnerability.

Impact of the Incidents

What was the impact of each incident?

Incident : Security Vulnerabilities SPL355032725

Systems Affected: Splunk Enterprise, Splunk Cloud Platform, Splunk Secure Gateway app

Which entities were affected by each incident?

Incident : Security Vulnerabilities SPL355032725

Entity Name: Splunk

Entity Type: Corporation

Industry: Software

Response to the Incidents

What measures were taken in response to each incident?

Incident : Security Vulnerabilities SPL355032725

Remediation Measures: Patches provided to users, Suggested updates to remediate risk

Data Breach Information

What measures does the company take to prevent data exfiltration?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: patches provided to users, suggested updates to remediate risk.

Lessons Learned and Recommendations

What lessons were learned from each incident?

Incident : Security Vulnerabilities SPL355032725

Lessons Learned: The critical importance of maintaining updated systems and monitoring access control within corporate environments to prevent data breaches and maintain operational integrity.

What are the key lessons learned from past incidents?

Key Lessons Learned: The key lesson learned from past incidents is the critical importance of maintaining updated systems and monitoring access control within corporate environments to prevent data breaches and maintain operational integrity.

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident?

Incident : Security Vulnerabilities SPL355032725

Root Causes: Remote Code Execution (RCE) through malicious file uploads, unauthorized disclosure of sensitive information through privilege escalation

Corrective Actions: Patches and updates provided to users

What corrective actions has the company taken based on post-incident analysis?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: patches and updates provided to users.

Additional Questions

Impact of the Incidents

What was the most significant system affected in an incident?

Most Significant System Affected: The most significant systems affected in an incident were Splunk Enterprise, Splunk Cloud Platform, and the Splunk Secure Gateway app.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was the critical importance of maintaining updated systems and monitoring access control within corporate environments to prevent data breaches and maintain operational integrity.

Latest Global CVEs (Not Company-Specific)

Description

Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user‑accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a lower‑privileged user. A local attacker with access to the application account can modify this file to introduce malicious code, which is then executed with elevated privileges when the script is run. Successful exploitation results in arbitrary code execution as the root user.

Risk Information (CVSS 4.0)
Base: 8.6
Severity: LOW
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Description

Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Description

SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's `NewResponseFromRequest` function that affects all normal SIP operations. The vulnerability allows remote attackers to crash any SIP application by sending a single malformed SIP request without a To header. The vulnerability occurs when SIP message parsing succeeds for a request missing the To header, but the response creation code assumes the To header exists without proper nil checks. This affects routine operations like call setup, authentication, and message handling - not just error cases. This vulnerability affects all SIP applications using the sipgo library, not just specific configurations or edge cases, as long as they make use of the `NewResponseFromRequest` function. Version 1.0.0-alpha-1 contains a patch for the issue.

Risk Information (CVSS 4.0)
Base: 8.7
Severity: LOW
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch.

Risk Information (CVSS 3.1)
Base: 6.5
Severity: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=splunk' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure?

  • Incident
  • Finding
  • Grade
  • Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
