CVE-2023-46214

In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.
aka Blind XPath Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
splunkcloud
𝑥
< 9.1.2308
splunksplunk
9.0.0 ≤
𝑥
< 9.0.7
splunksplunk
9.1.0 ≤
𝑥
< 9.1.2
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
splunksplunk_enterprise
9.1 ≤
𝑥
< 9.1.2
ADP
splunksplunk_enterprise
9.0 ≤
𝑥
< 9.0.7
ADP
splunksplunk_enterprise
9.1 ≤
𝑥
< 9.1.2
ADP
splunksplunk_enterprise
9.0 ≤
𝑥
< 9.0.7
ADP
Common Weakness Enumeration
References
https://advisory.splunk.com/advisories/SVD-2023-1104
https://research.splunk.com/application/6cb7e011-55fb-48e3-a98d-164fa854e37e/
https://research.splunk.com/application/a053e6a6-2146-483a-9798-2d43652f3299/
https://advisory.splunk.com/advisories/SVD-2023-1104
https://research.splunk.com/application/6cb7e011-55fb-48e3-a98d-164fa854e37e/
https://research.splunk.com/application/a053e6a6-2146-483a-9798-2d43652f3299/