We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-46214

Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing



AssignerSplunk
Reserved2023-10-18
Published2023-11-16
Updated2024-09-04

Description

In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.



HIGH: 8.0CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Problem types

The software does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.

Product status

9.0 before 9.0.7
affected

9.1 before 9.1.2
affected

- before 9.1.2308
affected

Credits

Alex Hordijk

References

https://advisory.splunk.com/advisories/SVD-2023-1104

https://research.splunk.com/application/a053e6a6-2146-483a-9798-2d43652f3299/

https://research.splunk.com/application/6cb7e011-55fb-48e3-a98d-164fa854e37e/

cve.org CVE-2023-46214

nvd.nist.gov CVE-2023-46214

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2023-46214
Subscribe to our newsletter to learn more about our work.