We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-46214

Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing



Description

In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.

Reserved 2023-10-18 | Published 2023-11-16 | Updated 2025-01-07 | Assigner Splunk


HIGH: 8.0CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Problem types

The software does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.

Product status

9.0 before 9.0.7
affected

9.1 before 9.1.2
affected

- before 9.1.2308
affected

Credits

Alex Hordijk

References

advisory.splunk.com/advisories/SVD-2023-1104

research.splunk.com/...a053e6a6-2146-483a-9798-2d43652f3299/

research.splunk.com/...6cb7e011-55fb-48e3-a98d-164fa854e37e/

cve.org (CVE-2023-46214)

nvd.nist.gov (CVE-2023-46214)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2023-46214

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.