CVE-2023-46214
Published: 16 November 2023
Summary
CVE-2023-46214 is a high-severity vulnerability in Splunk Enterprise, classified as CWE-91 (XML Injection, aka Blind XPath Injection). Its CVSS base score is 8.0 (High).
Operationally, it is ranked in the top 0.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
Splunk Enterprise versions below 9.0.7 and 9.1.2 are affected by CVE-2023-46214, a flaw in which the product fails to safely sanitize extensible stylesheet language transformations supplied by users. The issue is tracked under CWE-91 and carries a CVSS 3.1 score of 8.0.
An authenticated attacker who can upload XSLT content may exploit the weakness to achieve remote code execution on the Splunk Enterprise instance. The attack requires user interaction and involves high complexity, yet successful exploitation yields complete compromise of confidentiality, integrity, and availability with changed scope.
Splunk advisory SVD-2023-1104 directs customers to upgrade to version 9.0.7 or 9.1.2, the releases that contain the necessary fixes for this input-handling deficiency.
The associated EPSS score currently stands at 0.8786 with a recorded peak of 0.8793.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-50457
Vulnerability details
In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.
- CWE(s): CWE-91
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.