In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.
References
| Link | Resource |
|---|---|
| https://advisory.splunk.com/advisories/SVD-2023-1104 | Vendor Advisory |
| https://research.splunk.com/application/6cb7e011-55fb-48e3-a98d-164fa854e37e/ | Vendor Advisory |
| https://research.splunk.com/application/a053e6a6-2146-483a-9798-2d43652f3299/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
12 Dec 2023, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
12 Dec 2023, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
24 Nov 2023, 23:07
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://advisory.splunk.com/advisories/SVD-2023-1104 - Vendor Advisory | |
| References | () https://research.splunk.com/application/a053e6a6-2146-483a-9798-2d43652f3299/ - Vendor Advisory | |
| References | () https://research.splunk.com/application/6cb7e011-55fb-48e3-a98d-164fa854e37e/ - Vendor Advisory | |
| First Time |
Splunk
Splunk splunk Splunk cloud |
|
| CWE | CWE-91 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
| CPE | cpe:2.3:a:splunk:cloud:*:*:*:*:*:*:*:* cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:* |
23 Nov 2023, 01:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
20 Nov 2023, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
16 Nov 2023, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-11-16 21:15
Updated : 2024-04-10 01:15
NVD link : CVE-2023-46214
Mitre link : CVE-2023-46214
CVE.ORG link : CVE-2023-46214
JSON object : View
Products Affected
splunk
- cloud
- splunk
CWE
CWE-91
XML Injection (aka Blind XPath Injection)