CVE-2023-40592
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2023-40592 is a reflected cross-site scripting (XSS) vulnerability in Splunk Enterprise versions prior to 9.1.1, 9.0.6, and 8.2.12. A crafted web request can inject malicious scripts into the "/app/search/table" endpoint, potentially leading to the execution of arbitrary commands on the affected Splunk platform instance. This issue poses a significant risk and requires immediate attention from organizations running impacted versions of Splunk Enterprise. Upgrading to a patched version is strongly recommended to mitigate this vulnerability.
Affected Products
- Splunk Cloud
- Splunk Enterprise Security
Affected Vendors
- Splunk