CVE-2023-46214: Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing
First published: Thu Nov 16 2023(Updated: )
In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.
Credit: prodsec@splunk.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Splunk Cloud | <9.1.2308 | |
| Splunk Splunk | >=9.0.0<9.0.7 | |
| Splunk Splunk | >=9.1.0<9.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-46214?
CVE-2023-46214 is a vulnerability in Splunk Enterprise versions below 9.0.7 and 9.1.2 that allows remote code execution (RCE) through insecure XML parsing.
How does CVE-2023-46214 impact Splunk Enterprise?
CVE-2023-46214 allows an attacker to upload malicious XSLT files, which can result in remote code execution on the Splunk Enterprise instance.
What software versions are affected by CVE-2023-46214?
Splunk Enterprise versions below 9.0.7 and 9.1.2 are affected by CVE-2023-46214.
What is the severity of CVE-2023-46214?
CVE-2023-46214 has a severity rating of high.
How can I fix CVE-2023-46214?
To fix CVE-2023-46214, update Splunk Enterprise to version 9.0.7 or 9.1.2.
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/author
- agent/references
- agent/title
- agent/weakness
- agent/tags
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/splunk
- canonical/splunk cloud
- canonical/splunk splunk
- version/splunk splunk/9.0.0
- version/splunk splunk/9.1.0