XSLT RCE in Splunk Enterprise <9.0.7/9.1.2
CVE-2023-46214 Published on November 16, 2023
Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing
In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.
Weakness Type
What is an aka Blind XPath Injection Vulnerability?
The software does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. Within XML, special elements could include reserved words or characters such as "<", ">", """, and "&", which could then be used to add new data or modify XML syntax.
CVE-2023-46214 has been classified to as an aka Blind XPath Injection vulnerability or weakness.
Products Associated with CVE-2023-46214
Want to know whenever a new CVE is published for Splunk products? stack.watch will email you.
Affected Versions
Splunk Enterprise:- Version 9.0 and below 9.0.7 is affected.
- Version 9.1 and below 9.1.2 is affected.
- Version - and below 9.1.2308 is affected.
- Version 9.1 and below 9.1.2 is affected.
- Version 9.0 and below 9.0.7 is affected.
- Version 9.1 and below 9.1.2 is affected.
- Version 9.0 and below 9.0.7 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.