Security News > 2023 > November > PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214)

PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214)
2023-11-27 10:44

A proof-of-concept exploit for a high-severity flaw in Splunk Enterprise that can lead to remote code execution has been made public.

Splunk Enterprise is a solution that ingests a variety of data generated by an organization's business infrastructure and applications.

CVE-2023-46214 stems from Splunk Enterprise's failure to safely sanitize extensible stylesheet language transformations that users supply.

According to the advisory, CVE-2023-46214 affects Splunk Enterprise versions 9.0.0 to 9.0.6 and 9.1.0 to 9.1.1.

"Splunk is actively monitoring and patching Splunk Cloud Platform instances," the company added.

"For earlier Splunk Enterprise versions, review the web.conf specification for availability of the enableSearchJobXslt setting," Splunk advised.


News URL

https://www.helpnetsecurity.com/2023/11/27/cve-2023-46214-poc/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-11-16 CVE-2023-46214 XML Injection (aka Blind XPath Injection) vulnerability in Splunk Cloud and Splunk
In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply.
network
low complexity
splunk CWE-91
8.8
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Splunk 14 16 99 55 12 182