Splunk Enterprise Vulnerability: Remote Code Execution via Malicious XSLT
CVE-2023-46214

8 HIGH

Key Information:

Vendor: Splunk
CVE Published: 16 November 2023

Badges

  • 👾 Exploit Exists
  • 🟣 EPSS 17%
  • 📰 News Worthy

Summary

The CVE-2023-46214 vulnerability affects Splunk Enterprise versions below 9.0.7 and 9.1.2, allowing attackers to execute remote code by uploading malicious XSLT. A proof-of-concept exploit has been made public, prompting users to apply patches or workarounds provided by Splunk to mitigate the risk. There are no known exploitations in the wild by ransomware groups at this time.

Affected Version(s)

Splunk Cloud - < 9.1.2308

Splunk Enterprise 9.0 < 9.0.7

Splunk Enterprise 9.1 < 9.1.2

News Articles

PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214)

A proof-of-concept exploit for a high-severity vulnerability in Splunk Enterprise has been made public. The flaw, identified as CVE-2023-46214, allows attackers to execute remote code by uploading malicious extensible stylesheet language transformations (XSLT). The affected versions include Splunk E...

9 months ago

Week in review: PoC for Splunk Enterprise RCE flaw released, scope of Okta breach widens - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Vulnerability disclosure: Legal risks and ethical

1 year ago

CVE-2023-46214: the Splunk Remote Code Execution (RCE) Vulnerability

Take a deep dive into the critical CVE-2023-46214 RCE vulnerability in Splunk, learn about its exploitation & find out how to stay secure.

1 year ago

EPSS Score

17% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • 👾 Exploit known to exist
  • 📰 First article discovered by blog.hrncirik.net
  • Vulnerability published
  • Vulnerability Reserved

Credit

Alex Hordijk