CVE-2023-46214

High

Published: 16 November 2023

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 8.0 (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.8786 (99.5th percentile)
Risk Priority: 69 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-46214 is a high-severity XML Injection (aka Blind XPath Injection, CWE-91) vulnerability in Splunk Enterprise. Its CVSS base score is 8.0 (High).

Operationally, it ranks in the top 0.5% of CVEs by exploit likelihood (EPSS), but it is not currently listed in the CISA KEV catalog.

Deeper analysis

Splunk Enterprise versions below 9.0.7 and 9.1.2 are affected by CVE-2023-46214, a flaw in which the product fails to safely sanitize extensible stylesheet language transformations supplied by users. The issue is tracked under CWE-91 and carries a CVSS 3.1 score of 8.0.

An authenticated attacker who can upload XSLT content may exploit the weakness to achieve remote code execution on the Splunk Enterprise instance. The attack requires user interaction and involves high complexity, yet successful exploitation yields complete compromise of confidentiality, integrity, and availability with changed scope.

Splunk advisory SVD-2023-1104 directs customers to upgrade to version 9.0.7 or 9.1.2, the releases that contain the necessary fixes for this input-handling deficiency.

The associated EPSS score currently stands at 0.8786 with a recorded peak of 0.8793.

EU & UK References

Vulnerability details

In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor / Product: Affected versions
splunk / cloud: ≤ 9.1.2308
splunk / splunk: 9.0.0 — 9.0.7 · 9.1.0 — 9.1.2

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References