PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214)
A proof-of-concept exploit for a high-severity flaw in Splunk Enterprise that can lead to remote code execution has been made public.
Splunk Enterprise is a solution that ingests a variety of data generated by an organization's business infrastructure and applications.
CVE-2023-46214 stems from Splunk Enterprise's failure to safely sanitize Extensible Stylesheet Language Transformations (XSLT) that users supply.
According to the advisory, CVE-2023-46214 affects Splunk Enterprise versions 9.0.0 to 9.0.6 and 9.1.0 to 9.1.1.
"Splunk is actively monitoring and patching Splunk Cloud Platform instances," the company added.
"For earlier Splunk Enterprise versions, review the web.conf specification for availability of the enableSearchJobXslt setting," Splunk advised.
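As an added defender-side triage helper (not from the article and not Splunk's own tooling), the script below checks a Splunk Enterprise version against the affected ranges the advisory lists and looks for enableSearchJobXslt in the web.conf [settings] stanza. It assumes web.conf is INI-style with a [settings] stanza and that setting enableSearchJobXslt to false is the mitigating value; the sample config fragments are constructed.

```python
import configparser
from typing import Tuple

# Affected ranges from the Splunk advisory as quoted in the article (inclusive).
AFFECTED_RANGES = [((9, 0, 0), (9, 0, 6)), ((9, 1, 0), (9, 1, 1))]


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn '9.0.5' into (9, 0, 5); missing components default to 0."""
    parts = [int(p) for p in version.strip().split(".")[:3]]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected_version(version: str) -> bool:
    """True if the version sits in an affected range (fixed in 9.0.7 and 9.1.2)."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def xslt_disabled(web_conf_text: str) -> bool:
    """True only if [settings] explicitly sets enableSearchJobXslt to false.
    Assumption: false is the mitigating value; an absent key counts as not mitigated."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(web_conf_text)
    value = cp.get("settings", "enableSearchJobXslt", fallback="")
    return value.strip().lower() in ("false", "0")


def triage(version: str, web_conf_text: str) -> str:
    """Return 'not_listed', 'mitigated' or 'exposed' for one instance."""
    if not is_affected_version(version):
        return "not_listed"   # version is outside the ranges the advisory names
    if xslt_disabled(web_conf_text):
        return "mitigated"    # vulnerable build, but XSLT processing is switched off
    return "exposed"          # vulnerable build with the setting absent or true


# Constructed sample web.conf fragments (not real Splunk output).
SAMPLE_DEFAULT = "[settings]\nhttpport = 8000\n"
SAMPLE_MITIGATED = "[settings]\nhttpport = 8000\nenableSearchJobXslt = false\n"

if __name__ == "__main__":
    for ver, conf in (("9.0.5", SAMPLE_DEFAULT), ("9.0.5", SAMPLE_MITIGATED), ("9.1.2", SAMPLE_DEFAULT)):
        print(ver, triage(ver, conf))
```

A result of "not_listed" only means the version is outside the ranges the advisory names; upgrading to 9.0.7 or 9.1.2 remains the fix, and the setting is a mitigation for hosts that cannot upgrade yet.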
News URL
https://www.helpnetsecurity.com/2023/11/27/cve-2023-46214-poc/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-16 | CVE-2023-46214 | XML Injection (aka Blind XPath Injection) vulnerability in Splunk Cloud and Splunk Enterprise. In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize Extensible Stylesheet Language Transformations (XSLT) that users supply. | 8.8 |