In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.
Metrics
Affected Vendors & Products
References
History
Tue, 15 Oct 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Splunk splunk Enterprise
|
|
CPEs | cpe:2.3:a:splunk:splunk_enterprise:*:*:*:*:*:*:*:* | |
Vendors & Products |
Splunk splunk Enterprise
|
|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Splunk
Published: 2023-11-16T20:15:25.838Z
Updated: 2024-12-10T18:00:36.327Z
Reserved: 2023-10-18T17:02:51.236Z
Link: CVE-2023-46214
Vulnrichment
Updated: 2024-08-02T20:37:40.138Z
NVD
Status : Modified
Published: 2023-11-16T21:15:08.630
Modified: 2024-11-21T08:28:05.150
Link: CVE-2023-46214
Redhat
No data.