CVE-2023-46214

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 16, 2023

Updated: Apr 10, 2024

CWE ID 91

Summary

CVE-2023-46214 is a vulnerability affecting Splunk Enterprise versions below 9.0.7 and 9.1.2. This issue permits attackers to upload malicious Extensible Stylesheet Language Transformations (XSLT), which Splunk Enterprise fails to safely sanitize. Consequently, an attacker can execute remote code on the vulnerable Splunk Enterprise instance, posing a significant security risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

SPLUNK Enterprise Security
Splunk Cloud

Affected Vendors

Splunk

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tDuInW
https://www.cve.org/CVERecord?id=CVE-2023-46214
https://nvd.nist.gov/vuln/detail/CVE-2023-46214

Back to Vulnerability Database