WARNING: VULNERABILITY IN SPLUNK ENTERPRISE CAN LEAD TO REMOTE CODE EXECUTION (RCE), PATCH IMMEDIATELY
CVE-2023-46214
CVSS: 8.0 (HIGH) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)
Bronnen
Risico’s
Exploitation of CVE-2023-46214 can lead to remote code execution (RCE) through insecure XML parsing.
Said vulnerability is actively discussed and referenced in forums and platforms. Proof of concept exploit(s) exist(s). A compromise could have high impact on confidentiality, integrity and availability.
Splunk offers a solution to mitigate the risk.
Beschrijving
Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) supplied by users. An attacker could upload a malicious XSLT which could result in remote code execution (RCE) on the Splunk Enterprise instance.
Aanbevolen acties
The Centre for Cyber Security Belgium (CCB) strongly recommends to follow Splunk's advisory to upgrade to Splunk Enterprise 9.0.7 or 9.1.2.