Splunk Enterprise <8.2.12/9.0.6/9.1.1: Arbitrary Code Exec via Serialized Query
CVE-2023-40595 Published on August 30, 2023
Remote Code Execution via Serialized Session Payload
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code.
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2023-40595 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2023-40595
stack.watch emails you whenever new vulnerabilities are published in Splunk Cloud Platform or Splunk. Just hit a watch button to start following.
Affected Versions
Splunk Enterprise:- Version 8.2 and below 8.2.12 is affected.
- Version 9.0 and below 9.0.6 is affected.
- Version 9.1 and below 9.1.1 is affected.
- Version - and below 9.0.2305.200 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.